← voltar
CVE-2014-0050

CVE-2014-0050

EPSS 83.2%
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
Produtos afetados
n/a · n/a
PoCs públicas encontradas3
githubgithub.com/jrrdev/cve-2014-00501exploitdbwww.exploit-db.com/exploits/31615não verificadocve_referencepacketstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.htmlnão verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://advisories.mageia.org/MGASA-2014-0110.htmlhttp://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.htmlhttp://jvndb.jvn.jp/jvndb/JVNDB-2014-000017http://jvn.jp/en/jp/JVN14876762/index.htmlhttp://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907%40apache.org%3Ehttp://marc.info/?l=bugtraq&m=143136844732487&w=2http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0252.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0253.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0400.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1062337http://seclists.org/fulldisclosure/2014/Dec/23