Vulnerabilities (CVE)

Filtered by vendor Apache Subscribe
Filtered by product Commons Fileupload
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-3092 4 Apache, Canonical, Debian and 1 more 6 Commons Fileupload, Tomcat, Ubuntu Linux and 3 more 2024-11-21 7.8 HIGH 7.5 HIGH
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
CVE-2016-1000031 1 Apache 1 Commons Fileupload 2024-11-21 7.5 HIGH 9.8 CRITICAL
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
CVE-2014-0050 2 Apache, Oracle 3 Commons Fileupload, Tomcat, Retail Applications 2024-11-21 7.5 HIGH N/A
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
CVE-2013-0248 1 Apache 1 Commons Fileupload 2024-11-21 3.3 LOW N/A
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
CVE-2023-24998 2 Apache, Debian 2 Commons Fileupload, Debian Linux 2024-02-28 N/A 7.5 HIGH
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.