7.5

CVE-2014-0050

Exploit
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleRetail Applications Version12.0
OracleRetail Applications Version12.0in
OracleRetail Applications Version13.0
OracleRetail Applications Version13.1
OracleRetail Applications Version13.2
OracleRetail Applications Version13.3
OracleRetail Applications Version13.4
OracleRetail Applications Version14.0
ApacheCommons Fileupload Version <= 1.3
ApacheCommons Fileupload Version1.0
ApacheCommons Fileupload Version1.1
ApacheCommons Fileupload Version1.1.1
ApacheCommons Fileupload Version1.2
ApacheCommons Fileupload Version1.2.1
ApacheCommons Fileupload Version1.2.2
ApacheTomcat Version7.0.0
ApacheTomcat Version7.0.0 Updatebeta
ApacheTomcat Version7.0.1
ApacheTomcat Version7.0.2
ApacheTomcat Version7.0.2 Updatebeta
ApacheTomcat Version7.0.3
ApacheTomcat Version7.0.4
ApacheTomcat Version7.0.4 Updatebeta
ApacheTomcat Version7.0.5
ApacheTomcat Version7.0.6
ApacheTomcat Version7.0.7
ApacheTomcat Version7.0.8
ApacheTomcat Version7.0.9
ApacheTomcat Version7.0.10
ApacheTomcat Version7.0.11
ApacheTomcat Version7.0.12
ApacheTomcat Version7.0.13
ApacheTomcat Version7.0.14
ApacheTomcat Version7.0.15
ApacheTomcat Version7.0.16
ApacheTomcat Version7.0.17
ApacheTomcat Version7.0.18
ApacheTomcat Version7.0.19
ApacheTomcat Version7.0.20
ApacheTomcat Version7.0.21
ApacheTomcat Version7.0.22
ApacheTomcat Version7.0.23
ApacheTomcat Version7.0.24
ApacheTomcat Version7.0.25
ApacheTomcat Version7.0.26
ApacheTomcat Version7.0.27
ApacheTomcat Version7.0.28
ApacheTomcat Version7.0.29
ApacheTomcat Version7.0.30
ApacheTomcat Version7.0.31
ApacheTomcat Version7.0.32
ApacheTomcat Version7.0.33
ApacheTomcat Version7.0.34
ApacheTomcat Version7.0.35
ApacheTomcat Version7.0.36
ApacheTomcat Version7.0.37
ApacheTomcat Version7.0.38
ApacheTomcat Version7.0.39
ApacheTomcat Version7.0.40
ApacheTomcat Version7.0.41
ApacheTomcat Version7.0.42
ApacheTomcat Version7.0.43
ApacheTomcat Version7.0.44
ApacheTomcat Version7.0.45
ApacheTomcat Version7.0.46
ApacheTomcat Version7.0.47
ApacheTomcat Version7.0.48
ApacheTomcat Version7.0.49
ApacheTomcat Version7.0.50
ApacheTomcat Version8.0.0 Updaterc1
ApacheTomcat Version8.0.0 Updaterc10
ApacheTomcat Version8.0.0 Updaterc2
ApacheTomcat Version8.0.0 Updaterc5
ApacheTomcat Version8.0.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 83.18% 0.996
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://tomcat.apache.org/security-7.html
Patch
Vendor Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
http://seclists.org/fulldisclosure/2014/Dec/23
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://www.vmware.com/security/advisories/VMSA-2014-0008.html
https://security.gentoo.org/glsa/202107-39
http://www-01.ibm.com/support/docview.wss?uid=swg21669554
http://rhn.redhat.com/errata/RHSA-2014-0400.html
http://secunia.com/advisories/57915
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
http://www-01.ibm.com/support/docview.wss?uid=swg21676091
http://www-01.ibm.com/support/docview.wss?uid=swg21676092
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
http://tomcat.apache.org/security-8.html
Patch
Vendor Advisory
http://www.ubuntu.com/usn/USN-2130-1
http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm
http://www.securityfocus.com/archive/1/532549/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2014-0007.html
http://advisories.mageia.org/MGASA-2014-0110.html
http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html
Exploit
http://jvn.jp/en/jp/JVN14876762/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017
http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907%40apache.org%3E
http://marc.info/?l=bugtraq&m=143136844732487&w=2
http://rhn.redhat.com/errata/RHSA-2014-0252.html
http://rhn.redhat.com/errata/RHSA-2014-0253.html
http://secunia.com/advisories/58075
http://secunia.com/advisories/58976
http://secunia.com/advisories/59039
http://secunia.com/advisories/59041
http://secunia.com/advisories/59183
http://secunia.com/advisories/59184
http://secunia.com/advisories/59185
http://secunia.com/advisories/59187
http://secunia.com/advisories/59232
http://secunia.com/advisories/59399
http://secunia.com/advisories/59492
http://secunia.com/advisories/59500
http://secunia.com/advisories/59725
http://secunia.com/advisories/60475
http://secunia.com/advisories/60753
http://svn.apache.org/r1565143
Patch
http://www-01.ibm.com/support/docview.wss?uid=swg21675432
http://www-01.ibm.com/support/docview.wss?uid=swg21676401
http://www-01.ibm.com/support/docview.wss?uid=swg21676403
http://www-01.ibm.com/support/docview.wss?uid=swg21676405
http://www-01.ibm.com/support/docview.wss?uid=swg21676410
http://www-01.ibm.com/support/docview.wss?uid=swg21676656
http://www-01.ibm.com/support/docview.wss?uid=swg21676853
http://www-01.ibm.com/support/docview.wss?uid=swg21677691
http://www-01.ibm.com/support/docview.wss?uid=swg21677724
http://www-01.ibm.com/support/docview.wss?uid=swg21681214
http://www.debian.org/security/2014/dsa-2856
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html
http://www.securityfocus.com/bid/65400
https://bugzilla.redhat.com/show_bug.cgi?id=1062337
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917