Description

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

Remediation

References

CVE-2016-3092

Related Vulnerabilities

MySQL CVE-2022-21355 Vulnerability (CVE-2022-21355)

WordPress Plugin Amazon Product in a Post SQL Injection (3.5.2)

Magento CVE-2019-8229 Vulnerability (CVE-2019-8229)

WordPress Plugin Radio Buttons for Taxonomies Cross-Site Request Forgery (2.0.5)

WordPress Plugin Cart66 Lite::WordPress Ecommerce SQL Injection (1.5.1.17)

Severity

High

Classification

CVE-2016-3092 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities