Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-0050

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

Related bugs and status

CVE-2014-0050 (Candidate) is related to these bugs:

Bug #1283010: Sync tomcat7 7.0.52-1 (main) from Debian unstable (main)

Summary				In	Importance	Status
	1283010	Sync tomcat7 7.0.52-1 (main) from Debian unstable (main)		tomcat7 (Ubuntu)	Wishlist	Fix Released

Bug #1290819: Update the 7.x trunk for 12.04LTS

Summary				In	Importance	Status
	1290819	Update the 7.x trunk for 12.04LTS		tomcat7 (Ubuntu)	High	Confirmed

See the

CVE page on Mitre.org for more details.

References

MLIST: [commons-dev] 20140206...
MISC: http://blog.spiderlabs...
CONFIRM: http://svn.apache.org/...
CONFIRM: http://tomcat.apache.o...
CONFIRM: http://tomcat.apache.o...
CONFIRM: https://bugzilla.redha...
JVN: JVN#14876762
JVNDB: JVNDB-2014-000017
REDHAT: RHSA-2014:0400
SECUNIA: 57915
MISC: http://packetstormsecu...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www.vmware.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www.hitachi.co....
CONFIRM: http://www.hitachi.co....
CONFIRM: http://www.hitachi.co....
BID: 65400
SECUNIA: 58976
SECUNIA: 59039
SECUNIA: 59184
SECUNIA: 59232
SECUNIA: 59492
SECUNIA: 59500
SECUNIA: 58075
SECUNIA: 59041
SECUNIA: 59183
SECUNIA: 59185
SECUNIA: 59187
SECUNIA: 59399
SECUNIA: 59725
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.huawei.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
SECUNIA: 60475
SECUNIA: 60753
CONFIRM: http://www.oracle.com/...
FULLDISC: 20141205 NEW: VMSA-201...
CONFIRM: http://www.vmware.com/...
CONFIRM: http://www.oracle.com/...
CONFIRM: http://advisories.mage...
MANDRIVA: MDVSA-2015:084
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
CONFIRM: https://h20566.www2.hp...
CONFIRM: http://www.vmware.com/...
CONFIRM: https://h20566.www2.hp...
CONFIRM: https://h20566.www2.hp...
HP: HPSBGN03329
CONFIRM: http://www.oracle.com/...
DEBIAN: DSA-2856
REDHAT: RHSA-2014:0252
REDHAT: RHSA-2014:0253
UBUNTU: USN-2130-1
BUGTRAQ: 20140625 NEW VMSA-2014...
BUGTRAQ: 20141205 NEW: VMSA-201...
GENTOO: GLSA-202107-39