CVE-2014-0050 Apache Commons FileUpload DoS Vulnerability Advisory

From the webpage screenshot, the following key vulnerability information can be obtained: Vulnerability Overview ID: JVNDB-2014-000017 Vulnerability Name: Apache Commons FileUpload vulnerable to denial-of-service (DoS) Summary: Apache Commons FileUpload contains a denial-of-service (DoS) vulnerability. When processing multipart requests, it may cause the process to enter an infinite loop. Confirmation Date: Exploitation tools targeting this vulnerability were confirmed on February 12, 2014. CVSS Severity CVSS V2 Severity: 5.0 (Medium) [IPA Score] Base Metrics: - Attack Vector: Network - Attack Complexity: Low - Authentication: None - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: Partial Affected Products Apache Software Foundation: - Apache Commons FileUpload 1.0 to 1.3 - Apache Tomcat 7.0.0 to 7.0.50 - Latest versions are not affected Impact Processing malformed requests may cause the target system to become unresponsive. Solution 1. Update Software: - Upgrade to the latest version that fixes this vulnerability - Example: Apache Commons FileUpload 1.3.1, Apache Tomcat 8.0.3, etc. 2. Apply Patch: - Apply the patch for this vulnerability from the developer repository 3. Workaround: - Limit the size of the Content-Type header to less than 4091 bytes. Vendor Information Includes official fix announcements and recommendations from vendors such as Apache Software Foundation, Oracle, IBM, etc. CVE and CWE CVE: CVE-2014-0050 CWE: CWE-20 (Improper Input Validation) References Includes links to JVN database, CVE database, and other related documents.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2014-0050 Apache Commons FileUpload DoS Vulnerability Advisory