CVE-2014-0050
Apache Commons FileUpload and Apache Tomcat - Denial of Service
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
4
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
MultipartStream.java en Apache Commons FileUpload anterior a 1.3.1, utilizado en Apache Tomcat, JBoss Web y otros productos, permite a atacantes remotos causar una denegación de servicio (bucle infinito y consumo de CPU) a través de una cabecera Content-Type manipulada que evade las condiciones de salida del bucle.
A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in Tomcat and JBoss Web, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing Tomcat to enter an infinite loop when processing such an incoming request.
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests. It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-12-03 CVE Reserved
- 2014-02-07 CVE Published
- 2014-02-12 First Exploit
- 2024-08-06 CVE Updated
- 2025-03-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (75)
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/180508 | 2024-08-31 | |
| https://www.exploit-db.com/exploits/31615 | 2014-02-12 | |
| https://github.com/jrrdev/cve-2014-0050 | 2023-05-29 | |
| http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| http://svn.apache.org/r1565143 | 2023-11-07 | |
| http://tomcat.apache.org/security-7.html | 2023-11-07 | |
| http://tomcat.apache.org/security-8.html | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| http://marc.info/?l=bugtraq&m=143136844732487&w=2 | 2023-11-07 | |
| http://rhn.redhat.com/errata/RHSA-2014-0252.html | 2023-11-07 | |
| http://rhn.redhat.com/errata/RHSA-2014-0253.html | 2023-11-07 | |
| http://rhn.redhat.com/errata/RHSA-2014-0400.html | 2023-11-07 | |
| http://www.debian.org/security/2014/dsa-2856 | 2023-11-07 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2015:084 | 2023-11-07 | |
| http://www.ubuntu.com/usn/USN-2130-1 | 2023-11-07 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1062337 | 2015-05-14 | |
| https://security.gentoo.org/glsa/202107-39 | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2014-0050 | 2015-05-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | Retail Applications Search vendor "Oracle" for product "Retail Applications" | 12.0 Search vendor "Oracle" for product "Retail Applications" and version "12.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Applications Search vendor "Oracle" for product "Retail Applications" | 12.0in Search vendor "Oracle" for product "Retail Applications" and version "12.0in" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Applications Search vendor "Oracle" for product "Retail Applications" | 13.0 Search vendor "Oracle" for product "Retail Applications" and version "13.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Applications Search vendor "Oracle" for product "Retail Applications" | 13.1 Search vendor "Oracle" for product "Retail Applications" and version "13.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Applications Search vendor "Oracle" for product "Retail Applications" | 13.2 Search vendor "Oracle" for product "Retail Applications" and version "13.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Applications Search vendor "Oracle" for product "Retail Applications" | 13.3 Search vendor "Oracle" for product "Retail Applications" and version "13.3" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Applications Search vendor "Oracle" for product "Retail Applications" | 13.4 Search vendor "Oracle" for product "Retail Applications" and version "13.4" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Applications Search vendor "Oracle" for product "Retail Applications" | 14.0 Search vendor "Oracle" for product "Retail Applications" and version "14.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Commons Fileupload Search vendor "Apache" for product "Commons Fileupload" | <= 1.3 Search vendor "Apache" for product "Commons Fileupload" and version " <= 1.3" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Commons Fileupload Search vendor "Apache" for product "Commons Fileupload" | 1.0 Search vendor "Apache" for product "Commons Fileupload" and version "1.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Commons Fileupload Search vendor "Apache" for product "Commons Fileupload" | 1.1 Search vendor "Apache" for product "Commons Fileupload" and version "1.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Commons Fileupload Search vendor "Apache" for product "Commons Fileupload" | 1.1.1 Search vendor "Apache" for product "Commons Fileupload" and version "1.1.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Commons Fileupload Search vendor "Apache" for product "Commons Fileupload" | 1.2 Search vendor "Apache" for product "Commons Fileupload" and version "1.2" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Commons Fileupload Search vendor "Apache" for product "Commons Fileupload" | 1.2.1 Search vendor "Apache" for product "Commons Fileupload" and version "1.2.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Commons Fileupload Search vendor "Apache" for product "Commons Fileupload" | 1.2.2 Search vendor "Apache" for product "Commons Fileupload" and version "1.2.2" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.0 Search vendor "Apache" for product "Tomcat" and version "7.0.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.0 Search vendor "Apache" for product "Tomcat" and version "7.0.0" | beta |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.1 Search vendor "Apache" for product "Tomcat" and version "7.0.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.2 Search vendor "Apache" for product "Tomcat" and version "7.0.2" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.2 Search vendor "Apache" for product "Tomcat" and version "7.0.2" | beta |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.3 Search vendor "Apache" for product "Tomcat" and version "7.0.3" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.4 Search vendor "Apache" for product "Tomcat" and version "7.0.4" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.4 Search vendor "Apache" for product "Tomcat" and version "7.0.4" | beta |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.5 Search vendor "Apache" for product "Tomcat" and version "7.0.5" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.6 Search vendor "Apache" for product "Tomcat" and version "7.0.6" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.7 Search vendor "Apache" for product "Tomcat" and version "7.0.7" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.8 Search vendor "Apache" for product "Tomcat" and version "7.0.8" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.9 Search vendor "Apache" for product "Tomcat" and version "7.0.9" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.10 Search vendor "Apache" for product "Tomcat" and version "7.0.10" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.11 Search vendor "Apache" for product "Tomcat" and version "7.0.11" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.12 Search vendor "Apache" for product "Tomcat" and version "7.0.12" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.13 Search vendor "Apache" for product "Tomcat" and version "7.0.13" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.14 Search vendor "Apache" for product "Tomcat" and version "7.0.14" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.15 Search vendor "Apache" for product "Tomcat" and version "7.0.15" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.16 Search vendor "Apache" for product "Tomcat" and version "7.0.16" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.17 Search vendor "Apache" for product "Tomcat" and version "7.0.17" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.18 Search vendor "Apache" for product "Tomcat" and version "7.0.18" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.19 Search vendor "Apache" for product "Tomcat" and version "7.0.19" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.20 Search vendor "Apache" for product "Tomcat" and version "7.0.20" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.21 Search vendor "Apache" for product "Tomcat" and version "7.0.21" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.22 Search vendor "Apache" for product "Tomcat" and version "7.0.22" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.23 Search vendor "Apache" for product "Tomcat" and version "7.0.23" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.24 Search vendor "Apache" for product "Tomcat" and version "7.0.24" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.25 Search vendor "Apache" for product "Tomcat" and version "7.0.25" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.26 Search vendor "Apache" for product "Tomcat" and version "7.0.26" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.27 Search vendor "Apache" for product "Tomcat" and version "7.0.27" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.28 Search vendor "Apache" for product "Tomcat" and version "7.0.28" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.29 Search vendor "Apache" for product "Tomcat" and version "7.0.29" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.30 Search vendor "Apache" for product "Tomcat" and version "7.0.30" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.31 Search vendor "Apache" for product "Tomcat" and version "7.0.31" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.32 Search vendor "Apache" for product "Tomcat" and version "7.0.32" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.33 Search vendor "Apache" for product "Tomcat" and version "7.0.33" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.34 Search vendor "Apache" for product "Tomcat" and version "7.0.34" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.35 Search vendor "Apache" for product "Tomcat" and version "7.0.35" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.36 Search vendor "Apache" for product "Tomcat" and version "7.0.36" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.37 Search vendor "Apache" for product "Tomcat" and version "7.0.37" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.38 Search vendor "Apache" for product "Tomcat" and version "7.0.38" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.39 Search vendor "Apache" for product "Tomcat" and version "7.0.39" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.40 Search vendor "Apache" for product "Tomcat" and version "7.0.40" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.41 Search vendor "Apache" for product "Tomcat" and version "7.0.41" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.42 Search vendor "Apache" for product "Tomcat" and version "7.0.42" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.43 Search vendor "Apache" for product "Tomcat" and version "7.0.43" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.44 Search vendor "Apache" for product "Tomcat" and version "7.0.44" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.45 Search vendor "Apache" for product "Tomcat" and version "7.0.45" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.46 Search vendor "Apache" for product "Tomcat" and version "7.0.46" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.47 Search vendor "Apache" for product "Tomcat" and version "7.0.47" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.48 Search vendor "Apache" for product "Tomcat" and version "7.0.48" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.49 Search vendor "Apache" for product "Tomcat" and version "7.0.49" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.50 Search vendor "Apache" for product "Tomcat" and version "7.0.50" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 8.0.0 Search vendor "Apache" for product "Tomcat" and version "8.0.0" | rc1 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 8.0.0 Search vendor "Apache" for product "Tomcat" and version "8.0.0" | rc10 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 8.0.0 Search vendor "Apache" for product "Tomcat" and version "8.0.0" | rc2 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 8.0.0 Search vendor "Apache" for product "Tomcat" and version "8.0.0" | rc5 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 8.0.1 Search vendor "Apache" for product "Tomcat" and version "8.0.1" | - |
Affected
| ||||||