CVSS: 7.5EPSS: 21%CPEs: 74EXPL: 2CVE-2014-0050 – Apache Commons FileUpload and Apache Tomcat - Denial of Service
https://notcve.org/view.php?id=CVE-2014-0050
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. MultipartStream.java en Apache Commons FileUpload anterior a 1.3.1, utilizado en Apache Tomcat, JBoss Web y otros productos, permite a atacantes remotos causar una denegación de servicio (bucle infinito y consumo de CPU) a través de una cabecera Content-Type manipulada que evade las condiciones de salida del bucle. A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in Tomcat and JBoss Web, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing Tomcat to enter an infinite loop when processing such an incoming request. • https://www.exploit-db.com/exploits/31615 http://advisories.mageia.org/MGASA-2014-0110.html http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html http://jvn.jp/en/jp/JVN14876762/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017 http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907%40apache.org%3E http://marc.info/?l=bugtraq&m=143136844732487&w=2 http://packetstormsecurity.com/files/127215/VMware& • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.6EPSS: 0%CPEs: 33EXPL: 0CVE-2013-5856
https://notcve.org/view.php?id=CVE-2013-5856
Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, 5.0 SP1a-b, 5.5 SP0, 5.5 SP0b, 5.5.1, and 6.0.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web. Vulnerabilidad no especificada en el componente Oracle Health Sciences InForm en Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, 5.0 SP1a-b, 5.5 SP0, 5.5 SP0b, 5.5.1, y 6.0.0 permite a usuarios remotos autenticados afectar la confidencialidad e integridad a través de vectores desconocidos relacionados con Web. • http://osvdb.org/98493 http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html http://www.securityfocus.com/bid/63099 •
CVSS: 3.6EPSS: 0%CPEs: 29EXPL: 0CVE-2013-5857
https://notcve.org/view.php?id=CVE-2013-5857
Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, and 5.0 SP1a-b allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web. Vulnerabilidad no especificada en Oracle Health Sciences InForm componente de Oracle Industry Applications 4.5 SP3, 4.5 Service Pack 3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 Service Pack 1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a , 5.0 SP1 y 5.0 Service Pack 1a-b que permite a usuarios remotos autenticados afectar a la confidencialidad y la integridad a través de vectores desconocidos relacionados con la web. • http://osvdb.org/98491 http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html http://www.securityfocus.com/bid/63096 •
CVSS: 3.5EPSS: 0%CPEs: 29EXPL: 0CVE-2013-5811
https://notcve.org/view.php?id=CVE-2013-5811
Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, and 5.0 SP1a-b allows remote authenticated users to affect confidentiality via unknown vectors related to Web. Vulnerabilidad no especificada en el componente Oracle Health Sciences InForm de Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, y 5.0 SP1a-b permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores desconocidos relacionados con Web. • http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html •
CVSS: 2.1EPSS: 0%CPEs: 19EXPL: 0CVE-2013-5837
https://notcve.org/view.php?id=CVE-2013-5837
Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, 5.0 SP1a-b, 5.0.3, and 5.0.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Cognos. Vulnerabilidad sin especificar en el componente Oracle Health Sciences InForm en Oracle Industry Applications 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, 5.0 SP1a-b, 5.0.3, y 5.0.4 permite a usuarios remotos autenticados afectar a la confidencialidad a través de vectores desconocidos relacionados con Cognos. • http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html http://www.securityfocus.com/bid/63081 •