Description

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

Remediation

References

CVE-2014-0050

Related Vulnerabilities

Apache HTTP Server Other Vulnerability (CVE-2001-0766)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2008-3659)

PHP Resource Management Errors Vulnerability (CVE-2012-0789)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-8994)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-2269)

Severity

High

Classification

CVE-2014-0050 CWE-264

Tags

Missing Update Known Vulnerabilities