This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Apache | First view | 2013-03-15 |
| Product | Commons Fileupload | Last view | 2023-02-20 |
| Version | Type | ||
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2023-02-20 | CVE-2023-24998 | Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the |
| 9.8 | 2016-10-25 | CVE-2016-1000031 | Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution |
| 7.5 | 2016-07-04 | CVE-2016-3092 | The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. |
| 7.5 | 2014-04-01 | CVE-2014-0050 | MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. |
| 3.3 | 2013-03-15 | CVE-2013-0248 | The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 40% (2) | CWE-264 | Permissions, Privileges, and Access Controls |
| 20% (1) | CWE-770 | Allocation of Resources Without Limits or Throttling |
| 20% (1) | CWE-284 | Access Control (Authorization) Issues |
| 20% (1) | CWE-20 | Improper Input Validation |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:22111 | DSA-2856-1 libcommons-fileupload-java - CVE-2014-0050 |
| oval:org.mitre.oval:def:24367 | USN-2130-1 -- tomcat6, tomcat7 vulnerabilities |
| oval:org.mitre.oval:def:24488 | RHSA-2014:0429: tomcat6 security update (Moderate) |
| oval:org.mitre.oval:def:24843 | ELSA-2014:0429: tomcat6 security update (Moderate) |
| oval:org.mitre.oval:def:25499 | SUSE-SU-2014:0548-1 -- Security update for jakarta-commons-fileupload |
ExploitDB Exploits
| id | Description |
|---|---|
| 31615 | Apache Commons FileUpload and Apache Tomcat Denial-of-Service |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2014-B-0090 | Multiple Vulnerabilities in VMware vCenter Operations Severity: Category I - VMSKEY: V0052895 |
| 2014-B-0065 | Multiple Vulnerabilities in IBM WebSphere Application Server Severity: Category I - VMSKEY: V0051617 |
| 2014-B-0019 | Multiple Vulnerabilities in Apache Tomcat Severity: Category I - VMSKEY: V0044527 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2017-02-23 | Apache Commons Library FileUpload unauthorized Java object upload attempt RuleID : 41390 - Type : SERVER-WEBAPP - Revision : 3 |
| 2016-09-20 | Apache Tomcat Commons FileUpload library denial of service attempt RuleID : 39908 - Type : SERVER-APACHE - Revision : 5 |
| 2014-03-22 | Apache Tomcat infinite loop denial of service attempt RuleID : 29896 - Type : SERVER-APACHE - Revision : 2 |
Nessus® Vulnerability Scanner
This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| id | Description |
|---|---|
| 2018-11-29 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_d70c9e18f34011e8be460019dbb15b3f.nasl - Type: ACT_GATHER_INFO |
| 2018-08-30 | Name: A web application running on the remote host is affected by multiple vulnerab... File: activemq_5_15_5.nasl - Type: ACT_GATHER_INFO |
| 2017-10-19 | Name: The remote web server is affected by multiple vulnerabilities. File: glassfish_cpu_oct_2017.nasl - Type: ACT_GATHER_INFO |
| 2017-08-09 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_c1265e857c9511e793af005056925db4.nasl - Type: ACT_GATHER_INFO |
| 2017-07-20 | Name: An enterprise management application installed on the remote host is affected... File: oracle_enterprise_manager_jul_2017_cpu.nasl - Type: ACT_GATHER_INFO |
| 2017-05-18 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201705-09.nasl - Type: ACT_GATHER_INFO |
| 2017-05-01 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2016-1054.nasl - Type: ACT_GATHER_INFO |
| 2017-04-21 | Name: A web application running on the remote host is affected by multiple vulnerab... File: mysql_enterprise_monitor_3_3_3_1199.nasl - Type: ACT_GATHER_INFO |
| 2017-04-21 | Name: An enterprise management application installed on the remote host is affected... File: oracle_enterprise_manager_apr_2017_cpu.nasl - Type: ACT_GATHER_INFO |
| 2017-03-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-0456.nasl - Type: ACT_GATHER_INFO |
| 2017-03-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-0455.nasl - Type: ACT_GATHER_INFO |
| 2016-12-15 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20161103_tomcat_on_SL7_x.nasl - Type: ACT_GATHER_INFO |
| 2016-12-15 | Name: A business collaboration application running on the remote host is affected b... File: domino_swg21992835.nasl - Type: ACT_GATHER_INFO |
| 2016-11-28 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2016-2599.nasl - Type: ACT_GATHER_INFO |
| 2016-11-21 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2016-2807.nasl - Type: ACT_GATHER_INFO |
| 2016-11-15 | Name: The remote Fedora host is missing a security update. File: fedora_2016-f4a443888b.nasl - Type: ACT_GATHER_INFO |
| 2016-11-11 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2016-2599.nasl - Type: ACT_GATHER_INFO |
| 2016-11-04 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2016-2599.nasl - Type: ACT_GATHER_INFO |
| 2016-10-18 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2016-2072.nasl - Type: ACT_GATHER_INFO |
| 2016-09-08 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-1056.nasl - Type: ACT_GATHER_INFO |
| 2016-09-02 | Name: The remote Fedora host is missing a security update. File: fedora_2016-2b0c16fd82.nasl - Type: ACT_GATHER_INFO |
| 2016-09-02 | Name: The remote Fedora host is missing a security update. File: fedora_2016-0a4dccdd23.nasl - Type: ACT_GATHER_INFO |
| 2016-08-18 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2016-736.nasl - Type: ACT_GATHER_INFO |
| 2016-07-18 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_61b8c3594aab11e6a7bd14dae9d210b8.nasl - Type: ACT_GATHER_INFO |
| 2016-07-07 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-3027-1.nasl - Type: ACT_GATHER_INFO |
