7.5
CVE-2023-24998
- EPSS 47.68%
- Published 20.02.2023 16:15:10
- Last modified 13.02.2025 17:16:09
- Source security@apache.org
- Teams watchlist Login
- Open Login
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.
Note that, like all of the file upload limits, the
new configuration option (FileUploadBase#setFileCountMax) is not
enabled by default and must be explicitly configured.Data is provided by the National Vulnerability Database (NVD)
Apache ≫ Commons Fileupload Version >= 1.0 < 1.5
Apache ≫ Commons Fileupload Version1.0 Updatebeta
Debian ≫ Debian Linux Version9.0
Debian ≫ Debian Linux Version11.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 47.68% | 0.976 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.