7.8

CVE-2016-3092

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HpIcewall Identity Manager Version5.0
HpIcewall Sso Agent Option Version10.0
ApacheTomcat Version9.0.0 Updatemilestone1
ApacheTomcat Version9.0.0 Updatemilestone3
ApacheTomcat Version9.0.0 Updatemilestone4
ApacheTomcat Version9.0.0 Updatemilestone6
ApacheTomcat Version8.0.0 Updaterc1
ApacheTomcat Version8.0.0 Updaterc10
ApacheTomcat Version8.0.0 Updaterc2
ApacheTomcat Version8.0.0 Updaterc5
ApacheTomcat Version8.0.1
ApacheTomcat Version8.0.3
ApacheTomcat Version8.0.5
ApacheTomcat Version8.0.8
ApacheTomcat Version8.0.11
ApacheTomcat Version8.0.12
ApacheTomcat Version8.0.14
ApacheTomcat Version8.0.15
ApacheTomcat Version8.0.17
ApacheTomcat Version8.0.18
ApacheTomcat Version8.0.20
ApacheTomcat Version8.0.21
ApacheTomcat Version8.0.22
ApacheTomcat Version8.0.23
ApacheTomcat Version8.0.24
ApacheTomcat Version8.0.26
ApacheTomcat Version8.0.27
ApacheTomcat Version8.0.28
ApacheTomcat Version8.0.29
ApacheTomcat Version8.0.30
ApacheTomcat Version8.0.32
ApacheTomcat Version8.0.33
ApacheTomcat Version8.0.35
DebianDebian Linux Version8.0
ApacheTomcat Version8.5.0
ApacheTomcat Version8.5.2
ApacheCommons Fileupload Version <= 1.3.1
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.10
CanonicalUbuntu Linux Version16.04 SwEditionlts
ApacheTomcat Version7.0.0
ApacheTomcat Version7.0.0 Updatebeta
ApacheTomcat Version7.0.1
ApacheTomcat Version7.0.2
ApacheTomcat Version7.0.2 Updatebeta
ApacheTomcat Version7.0.4
ApacheTomcat Version7.0.4 Updatebeta
ApacheTomcat Version7.0.5
ApacheTomcat Version7.0.5 Updatebeta
ApacheTomcat Version7.0.6
ApacheTomcat Version7.0.8
ApacheTomcat Version7.0.10
ApacheTomcat Version7.0.11
ApacheTomcat Version7.0.12
ApacheTomcat Version7.0.14
ApacheTomcat Version7.0.16
ApacheTomcat Version7.0.19
ApacheTomcat Version7.0.20
ApacheTomcat Version7.0.21
ApacheTomcat Version7.0.22
ApacheTomcat Version7.0.23
ApacheTomcat Version7.0.25
ApacheTomcat Version7.0.26
ApacheTomcat Version7.0.27
ApacheTomcat Version7.0.28
ApacheTomcat Version7.0.29
ApacheTomcat Version7.0.30
ApacheTomcat Version7.0.32
ApacheTomcat Version7.0.33
ApacheTomcat Version7.0.34
ApacheTomcat Version7.0.35
ApacheTomcat Version7.0.37
ApacheTomcat Version7.0.39
ApacheTomcat Version7.0.40
ApacheTomcat Version7.0.41
ApacheTomcat Version7.0.42
ApacheTomcat Version7.0.47
ApacheTomcat Version7.0.50
ApacheTomcat Version7.0.52
ApacheTomcat Version7.0.53
ApacheTomcat Version7.0.54
ApacheTomcat Version7.0.55
ApacheTomcat Version7.0.56
ApacheTomcat Version7.0.57
ApacheTomcat Version7.0.59
ApacheTomcat Version7.0.61
ApacheTomcat Version7.0.62
ApacheTomcat Version7.0.63
ApacheTomcat Version7.0.64
ApacheTomcat Version7.0.65
ApacheTomcat Version7.0.67
ApacheTomcat Version7.0.68
ApacheTomcat Version7.0.69
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 35.93% 0.983
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://tomcat.apache.org/security-7.html
Vendor Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://security.gentoo.org/glsa/202107-39
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://tomcat.apache.org/security-8.html
Vendor Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
https://www.oracle.com/security-alerts/cpuapr2020.html
http://rhn.redhat.com/errata/RHSA-2016-2599.html
http://www.debian.org/security/2016/dsa-3609
Third Party Advisory
http://www.ubuntu.com/usn/USN-3024-1
Third Party Advisory
https://security.gentoo.org/glsa/201705-09
http://tomcat.apache.org/security-9.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2016-2807.html
http://rhn.redhat.com/errata/RHSA-2016-2808.html
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
http://jvn.jp/en/jp/JVN89379547/index.html
Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121
Vendor Advisory
VDB Entry
http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html
http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E
Mailing List
http://rhn.redhat.com/errata/RHSA-2016-2068.html
http://rhn.redhat.com/errata/RHSA-2016-2069.html
http://rhn.redhat.com/errata/RHSA-2016-2070.html
http://rhn.redhat.com/errata/RHSA-2016-2071.html
http://rhn.redhat.com/errata/RHSA-2016-2072.html
http://rhn.redhat.com/errata/RHSA-2017-0457.html
http://svn.apache.org/viewvc?view=revision&revision=1743480
http://svn.apache.org/viewvc?view=revision&revision=1743722
Vendor Advisory
http://svn.apache.org/viewvc?view=revision&revision=1743738
Vendor Advisory
http://svn.apache.org/viewvc?view=revision&revision=1743742
Vendor Advisory
http://www.debian.org/security/2016/dsa-3611
Third Party Advisory
http://www.debian.org/security/2016/dsa-3614
Third Party Advisory
http://www.securityfocus.com/bid/91453
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036427
http://www.securitytracker.com/id/1036900
http://www.securitytracker.com/id/1037029
http://www.securitytracker.com/id/1039606
http://www.ubuntu.com/usn/USN-3027-1
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0455
https://access.redhat.com/errata/RHSA-2017:0456
https://bugzilla.redhat.com/show_bug.cgi?id=1349468
Issue Tracking
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371
Patch
Third Party Advisory
Permissions Required
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759
https://security.netapp.com/advisory/ntap-20190212-0001/