CVE - CVE-2014-0050

CVE-ID
CVE-2014-0050	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20140625 NEW VMSA-2014-0007 - VMware product updates address security vulnerabilities in Apache Struts library URL:http://www.securityfocus.com/archive/1/532549/100/0/threaded BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities URL:http://www.securityfocus.com/archive/1/534161/100/0/threaded FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities URL:http://seclists.org/fulldisclosure/2014/Dec/23 MLIST:[commons-dev] 20140206 [SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS URL:http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907@apache.org%3E MISC:http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html MISC:http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html CONFIRM:http://svn.apache.org/r1565143 CONFIRM:http://tomcat.apache.org/security-7.html CONFIRM:http://tomcat.apache.org/security-8.html CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1062337 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676401 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676403 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676410 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676853 CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0007.html CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21675432 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676405 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676656 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677724 CONFIRM:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html CONFIRM:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html CONFIRM:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html CONFIRM:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677691 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21681214 CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html CONFIRM:http://advisories.mageia.org/MGASA-2014-0110.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21669554 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676091 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676092 CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755 CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0008.html CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917 CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html DEBIAN:DSA-2856 URL:http://www.debian.org/security/2014/dsa-2856 HP:HPSBGN03329 URL:http://marc.info/?l=bugtraq&m=143136844732487&w=2 MANDRIVA:MDVSA-2015:084 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:084 REDHAT:RHSA-2014:0400 URL:http://rhn.redhat.com/errata/RHSA-2014-0400.html REDHAT:RHSA-2014:0252 URL:http://rhn.redhat.com/errata/RHSA-2014-0252.html REDHAT:RHSA-2014:0253 URL:http://rhn.redhat.com/errata/RHSA-2014-0253.html UBUNTU:USN-2130-1 URL:http://www.ubuntu.com/usn/USN-2130-1 JVN:JVN#14876762 URL:http://jvn.jp/en/jp/JVN14876762/index.html JVNDB:JVNDB-2014-000017 URL:http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017 BID:65400 URL:http://www.securityfocus.com/bid/65400 SECUNIA:57915 URL:http://secunia.com/advisories/57915 SECUNIA:58976 URL:http://secunia.com/advisories/58976 SECUNIA:59039 URL:http://secunia.com/advisories/59039 SECUNIA:59184 URL:http://secunia.com/advisories/59184 SECUNIA:59232 URL:http://secunia.com/advisories/59232 SECUNIA:59492 URL:http://secunia.com/advisories/59492 SECUNIA:59500 URL:http://secunia.com/advisories/59500 SECUNIA:58075 URL:http://secunia.com/advisories/58075 SECUNIA:59041 URL:http://secunia.com/advisories/59041 SECUNIA:59183 URL:http://secunia.com/advisories/59183 SECUNIA:59185 URL:http://secunia.com/advisories/59185 SECUNIA:59187 URL:http://secunia.com/advisories/59187 SECUNIA:59399 URL:http://secunia.com/advisories/59399 SECUNIA:59725 URL:http://secunia.com/advisories/59725 SECUNIA:60475 URL:http://secunia.com/advisories/60475 SECUNIA:60753 URL:http://secunia.com/advisories/60753
Assigning CNA
N/A
Date Entry Created
20131203	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20131203)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org