CVE - CVE-2014-0050

CVE-ID
CVE-2014-0050	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:65400 URL:http://www.securityfocus.com/bid/65400 BUGTRAQ:20140625 NEW VMSA-2014-0007 - VMware product updates address security vulnerabilities in Apache Struts library URL:http://www.securityfocus.com/archive/1/532549/100/0/threaded BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities URL:http://www.securityfocus.com/archive/1/534161/100/0/threaded CONFIRM:http://advisories.mageia.org/MGASA-2014-0110.html CONFIRM:http://svn.apache.org/r1565143 CONFIRM:http://tomcat.apache.org/security-7.html CONFIRM:http://tomcat.apache.org/security-8.html CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21669554 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21675432 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676091 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676092 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676401 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676403 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676405 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676410 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676656 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676853 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677691 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677724 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21681214 CONFIRM:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html CONFIRM:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html CONFIRM:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html CONFIRM:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0007.html CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0008.html CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1062337 CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755 CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917 CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 DEBIAN:DSA-2856 URL:http://www.debian.org/security/2014/dsa-2856 FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities URL:http://seclists.org/fulldisclosure/2014/Dec/23 GENTOO:GLSA-202107-39 URL:https://security.gentoo.org/glsa/202107-39 HP:HPSBGN03329 URL:http://marc.info/?l=bugtraq&m=143136844732487&w=2 JVN:JVN#14876762 URL:http://jvn.jp/en/jp/JVN14876762/index.html JVNDB:JVNDB-2014-000017 URL:http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017 MANDRIVA:MDVSA-2015:084 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2015:084~~ (Obsolete source) MISC:http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html MISC:http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html MLIST:[commons-dev] 20140206 [SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS URL:http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907@apache.org%3E REDHAT:RHSA-2014:0252 URL:http://rhn.redhat.com/errata/RHSA-2014-0252.html REDHAT:RHSA-2014:0253 URL:http://rhn.redhat.com/errata/RHSA-2014-0253.html REDHAT:RHSA-2014:0400 URL:http://rhn.redhat.com/errata/RHSA-2014-0400.html SECUNIA:57915 URL:http://secunia.com/advisories/57915 SECUNIA:58075 URL:http://secunia.com/advisories/58075 SECUNIA:58976 URL:http://secunia.com/advisories/58976 SECUNIA:59039 URL:http://secunia.com/advisories/59039 SECUNIA:59041 URL:http://secunia.com/advisories/59041 SECUNIA:59183 URL:http://secunia.com/advisories/59183 SECUNIA:59184 URL:http://secunia.com/advisories/59184 SECUNIA:59185 URL:http://secunia.com/advisories/59185 SECUNIA:59187 URL:http://secunia.com/advisories/59187 SECUNIA:59232 URL:http://secunia.com/advisories/59232 SECUNIA:59399 URL:http://secunia.com/advisories/59399 SECUNIA:59492 URL:http://secunia.com/advisories/59492 SECUNIA:59500 URL:http://secunia.com/advisories/59500 SECUNIA:59725 URL:http://secunia.com/advisories/59725 SECUNIA:60475 URL:http://secunia.com/advisories/60475 SECUNIA:60753 URL:http://secunia.com/advisories/60753 UBUNTU:USN-2130-1 URL:http://www.ubuntu.com/usn/USN-2130-1
Assigning CNA
Red Hat, Inc.
Date Record Created
20131203	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20131203)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)