Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2014-0050 PoC — Apache Commons FileUpload 权限许可和访问控制问题漏洞

Source
https://github.com/jrrdev/cve-2014-0050
Associated Vulnerability
Title:Apache Commons FileUpload 权限许可和访问控制问题漏洞 (CVE-2014-0050)
Description:MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
Description
CVE-2014-0050 Vulnerable site sample
Readme
# cve-2014-0050
CVE-2014-0050 Vulnerable site sample

This project aims to demonstrate the CVE-2014-0050 exploitation for educational purpose.
For more informations, see :
* [https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2014-0050--Exploit-with-Boundaries,-Loops-without-Boundaries/](https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2014-0050--Exploit-with-Boundaries,-Loops-without-Boundaries/)
* [https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/apache_commons_fileupload_dos.rb](https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/apache_commons_fileupload_dos.rb)

## Legal Disclaimer

This project is made for educational and ethical testing purposes only. Attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

## Getting started

1. Start the docker container :

`docker run -d -p 8080:8080 jrrdev/cve-2014-0050:latest`

2. Download the exploit script on the attacker machine [here](https://github.com/jrrdev/cve-2014-0050/blob/master/exploit/exploit.py)

3. Run the python exploit script from the attacker machine :

`python exploit.py http://<DOCKER_HOST>:8080/hello`

4. Monitor CPU usage :-)
File Snapshot

 [4.0K]  /data/pocs/eb5861bc5a43c43ade9a95ed729d30c7bcb4da61
├── [4.0K]  docker
│   └── [  80]  entry-point.sh
├── [ 654]  Dockerfile
├── [4.0K]  exploit
│   └── [ 956]  exploit.py
├── [1.1K]  LICENSE
├── [2.3K]  pom.xml
├── [1.4K]  README.md
└── [4.0K]  src
    └── [4.0K]  main
        ├── [4.0K]  java
        │   └── [4.0K]  com
        │       └── [4.0K]  github
        │           └── [4.0K]  jrrdev
        │               ├── [1.8K]  AppConfiguration.java
        │               ├── [1.6K]  Application.java
        │               └── [1.5K]  HelloWorldAction.java
        └── [4.0K]  resources
            ├── [ 411]  log4j2.xml
            ├── [4.0K]  META-INF
            │   └── [4.0K]  resources
            │       ├── [4.0K]  pages
            │       │   └── [ 144]  helloworld.jsp
            │       └── [4.0K]  WEB-INF
            │           └── [ 475]  web.xml
            └── [ 555]  struts.xml

13 directories, 13 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →