Computer Security
[EN] securityvulns.ru no-pyccku


CVECVE-2014-0050
StatusCandidate
DescriptionMultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
Severity
Medium
CVSS score5
CVSS vector(AV:N/AC:L/Au:N/C:N/I:N/A:P)
PhaseAssigned (15.05.2015)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0050
ReferencesSECUNIA : 57915
 MISC : http://blog.spiderlabs.com/2014/02/cve-2014-0050-e...
 CONFIRM : http://svn.apache.org/r1565143
 CONFIRM : http://tomcat.apache.org/security-7.html
 CONFIRM : http://tomcat.apache.org/security-8.html
 CONFIRM : https://bugzilla.redhat.com/show_bug.cgi?id=1062337
 JVN : JVN#14876762
 JVNDB : JVNDB-2014-000017
 REDHAT : RHSA-2014:0400
 MLIST : [commons-dev] 20140206 [SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS
SecurityVulns:Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
 Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
 HP SDN VAN Controller DoS
 Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
 Apache Tomcat multiple security vulnerabilities
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod