CVE-2014-0050
CVE-2014-0050
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
Productos afectados
n/a · n/aPoCs públicas encontradas — 3
githubgithub.com/jrrdev/cve-2014-0050★ 1exploitdbwww.exploit-db.com/exploits/31615no verificadocve_referencepacketstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.htmlno verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://advisories.mageia.org/MGASA-2014-0110.htmlhttp://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.htmlhttp://jvndb.jvn.jp/jvndb/JVNDB-2014-000017http://jvn.jp/en/jp/JVN14876762/index.htmlhttp://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907%40apache.org%3Ehttp://marc.info/?l=bugtraq&m=143136844732487&w=2http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0252.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0253.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0400.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1062337http://seclists.org/fulldisclosure/2014/Dec/23