← back
CVE-2016-3092

CVE-2016-3092

EPSS 35.9%
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121http://jvn.jp/en/jp/JVN89379547/index.htmlhttp://lists.opensuse.org/opensuse-updates/2016-09/msg00025.htmlhttp://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3Ehttp://rhn.redhat.com/errata/RHSA-2016-2068.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2069.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2070.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2071.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2072.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2599.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2807.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2808.html