2014-09-15
ALT-BU-2014-3193-1
Branch sisyphus update bulletin.
Package apache-commons-fileupload updated to version 1.3-alt1_4jpp7 for branch sisyphus in task 129933.
Closed vulnerabilities
Published: 2014-04-01
BDU:2022-03337
Уязвимость файла MultipartStream.java библиотеки Apache Commons FileUpload, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.3)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
References:
Published: 2013-03-16
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2013-0248
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
Severity: LOW (3.3)
References:
- 20130306 [SECURITY] CVE-2013-0248 Apache Commons FileUpload - Insecure examples
- 20130306 [SECURITY] CVE-2013-0248 Apache Commons FileUpload - Insecure examples
- HPSBMU03409
- HPSBMU03409
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- 90906
- 90906
- 58326
- 58326
- GLSA-202107-39
- GLSA-202107-39
Published: 2014-04-01
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-0050
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
Severity: HIGH (7.5)
References:
- http://advisories.mageia.org/MGASA-2014-0110.html
- http://advisories.mageia.org/MGASA-2014-0110.html
- http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html
- http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html
- JVN#14876762
- JVN#14876762
- JVNDB-2014-000017
- JVNDB-2014-000017
- [commons-dev] 20140206 [SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS
- [commons-dev] 20140206 [SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS
- HPSBGN03329
- HPSBGN03329
- http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
- http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
- RHSA-2014:0252
- RHSA-2014:0252
- RHSA-2014:0253
- RHSA-2014:0253
- RHSA-2014:0400
- RHSA-2014:0400
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 57915
- 57915
- 58075
- 58075
- 58976
- 58976
- 59039
- 59039
- 59041
- 59041
- 59183
- 59183
- 59184
- 59184
- 59185
- 59185
- 59187
- 59187
- 59232
- 59232
- 59399
- 59399
- 59492
- 59492
- 59500
- 59500
- 59725
- 59725
- 60475
- 60475
- 60753
- 60753
- http://svn.apache.org/r1565143
- http://svn.apache.org/r1565143
- http://tomcat.apache.org/security-7.html
- http://tomcat.apache.org/security-7.html
- http://tomcat.apache.org/security-8.html
- http://tomcat.apache.org/security-8.html
- DSA-2856
- DSA-2856
- http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html
- http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html
- http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html
- http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html
- http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html
- http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm
- MDVSA-2015:084
- MDVSA-2015:084
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- 20140625 NEW VMSA-2014-0007 - VMware product updates address security vulnerabilities in Apache Struts library
- 20140625 NEW VMSA-2014-0007 - VMware product updates address security vulnerabilities in Apache Struts library
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 65400
- 65400
- USN-2130-1
- USN-2130-1
- http://www.vmware.com/security/advisories/VMSA-2014-0007.html
- http://www.vmware.com/security/advisories/VMSA-2014-0007.html
- http://www.vmware.com/security/advisories/VMSA-2014-0008.html
- http://www.vmware.com/security/advisories/VMSA-2014-0008.html
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- http://www-01.ibm.com/support/docview.wss?uid=swg21669554
- http://www-01.ibm.com/support/docview.wss?uid=swg21669554
- http://www-01.ibm.com/support/docview.wss?uid=swg21675432
- http://www-01.ibm.com/support/docview.wss?uid=swg21675432
- http://www-01.ibm.com/support/docview.wss?uid=swg21676091
- http://www-01.ibm.com/support/docview.wss?uid=swg21676091
- http://www-01.ibm.com/support/docview.wss?uid=swg21676092
- http://www-01.ibm.com/support/docview.wss?uid=swg21676092
- http://www-01.ibm.com/support/docview.wss?uid=swg21676401
- http://www-01.ibm.com/support/docview.wss?uid=swg21676401
- http://www-01.ibm.com/support/docview.wss?uid=swg21676403
- http://www-01.ibm.com/support/docview.wss?uid=swg21676403
- http://www-01.ibm.com/support/docview.wss?uid=swg21676405
- http://www-01.ibm.com/support/docview.wss?uid=swg21676405
- http://www-01.ibm.com/support/docview.wss?uid=swg21676410
- http://www-01.ibm.com/support/docview.wss?uid=swg21676410
- http://www-01.ibm.com/support/docview.wss?uid=swg21676656
- http://www-01.ibm.com/support/docview.wss?uid=swg21676656
- http://www-01.ibm.com/support/docview.wss?uid=swg21676853
- http://www-01.ibm.com/support/docview.wss?uid=swg21676853
- http://www-01.ibm.com/support/docview.wss?uid=swg21677691
- http://www-01.ibm.com/support/docview.wss?uid=swg21677691
- http://www-01.ibm.com/support/docview.wss?uid=swg21677724
- http://www-01.ibm.com/support/docview.wss?uid=swg21677724
- http://www-01.ibm.com/support/docview.wss?uid=swg21681214
- http://www-01.ibm.com/support/docview.wss?uid=swg21681214
- https://bugzilla.redhat.com/show_bug.cgi?id=1062337
- https://bugzilla.redhat.com/show_bug.cgi?id=1062337
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
- GLSA-202107-39
- GLSA-202107-39