CVE-2016-3092 – tomcat: Usage of vulnerable FileUpload package can result in denial of service
https://notcve.org/view.php?id=CVE-2016-3092
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. La clase MultipartStream en Apache Commons Fileupload en versiones anteriores a 1.3.2, tal como se utiliza en Apache Tomcat 7.x en versiones anteriores a 7.0.70, 8.x en versiones anteriores a 8.0.36, 8.5.x en versiones anteriores a 8.5.3 y 9.x en versiones anteriores a 9.0.0.M7 y otros productos, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de una cadena de límite largo. A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. • http://jvn.jp/en/jp/JVN89379547/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121 http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E http://rhn.redhat.com/errata/RHSA-2016-2068.html http://rhn.redhat.com/errata/RHSA-2016-2069.html http://rhn.redhat.com/errata/RHSA-2016-2070.html http://rhn.redhat.com/errata/RHSA-2016 • CWE-20: Improper Input Validation •
CVE-2014-2600
https://notcve.org/view.php?id=CVE-2014-2600
Unspecified vulnerability in HP IceWall Identity Manager 4.0 through SP1 and 5.0 and IceWall SSO 10.0 Password Reset Option, when Apache Commons FileUpload is used, allows remote authenticated users to cause a denial of service via unknown vectors. Vulnerabilidad no especificada en HP IceWall Identity Manager 4.0 hasta SP1 y 5.0 y la opción de restablecimiento de contraseña de IceWall SSO 10.0, cuando Apache Commons FileUpload es utilizado, permite a usuarios remotos autenticados causar una denegación de servicio a través de vectores desconocidos. • http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04214298 •