CVE-2016-3092 Information

Description

The MultipartStream class in Apache Commons FileUpload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3 and 9.x before 9.0.0.M7 and in other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string in the multipart Content-Type header. Note that Tomcat ships its own package-renamed copy of the FileUpload code (org.apache.tomcat.util.http.fileupload), so for Tomcat the server version, not a separately deployed commons-fileupload jar, determines exposure.
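The attack needs nothing more than an oversized boundary parameter, so the practical pre-parser defence is to validate that parameter before any multipart parser sees it. The block below is an added example written for this page in Python; it is not code from Commons FileUpload or Tomcat (which are Java). It extracts the boundary from a Content-Type value, enforces the RFC 2046 limits (1 to 70 characters from the bchars alphabet, no trailing space), and applies a buffer-fit check modelled on the 1.3.2 fix, which makes the MultipartStream constructor refuse a buffer too small to hold the boundary plus the CRLF-- prefix it prepends plus one byte (the 4-byte prefix length and the 4096 default buffer size are my reading of that class, stated as assumptions here). It also includes a version triage helper that encodes the affected Tomcat and FileUpload ranges from the description above, including the 9.0.0.M7 milestone ordering. All sample inputs are constructed for the example.

```python
import re

# RFC 2046 section 5.1.1: a boundary is 1 to 70 characters drawn from this
# alphabet and must not end with a space.
BOUNDARY_RE = re.compile(r"^[0-9A-Za-z'()+_,\-./:=? ]{1,70}$")

# Assumptions about MultipartStream (my reading of the 1.3.2 fix): the stream
# prepends CR LF - - to the header boundary and requires the buffer to hold
# that plus one more byte; DEFAULT_BUFSIZE in the class is 4096.
BOUNDARY_PREFIX_LEN = 4
DEFAULT_BUFSIZE = 4096
_FINAL = 10 ** 9  # sorts a final release after any milestone of the same number


def parse_boundary(content_type):
    """Return the boundary parameter of a multipart Content-Type, or None."""
    media_type, _, params = content_type.partition(";")
    if not media_type.strip().lower().startswith("multipart/"):
        return None
    for param in params.split(";"):
        name, _, value = param.strip().partition("=")
        if name.strip().lower() == "boundary":
            value = value.strip()
            if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
                value = value[1:-1]  # quoted-string form
            return value
    return None


def validate_boundary(boundary, buf_size=DEFAULT_BUFSIZE):
    """Return (ok, reason) for a boundary about to be handed to a multipart parser."""
    if boundary is None:
        return False, "missing boundary parameter"
    if not BOUNDARY_RE.match(boundary) or boundary.endswith(" "):
        return False, "boundary violates RFC 2046 length or alphabet"
    # Mirrors the constructor check added in FileUpload 1.3.2.
    if buf_size < len(boundary) + BOUNDARY_PREFIX_LEN + 1:
        return False, "boundary does not fit the parser buffer"
    return True, "ok"


def _tomcat_key(version):
    """Turn '8.5.3' or '9.0.0.M7' into a comparable tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:\.M(\d+))?", version)
    if not m:
        raise ValueError("unrecognised Tomcat version: %r" % version)
    major, minor, patch, milestone = m.groups()
    return (int(major), int(minor), int(patch), int(milestone) if milestone else _FINAL)


def tomcat_affected(version):
    """True if a Tomcat version lies in one of the affected ranges in the advisory."""
    key = _tomcat_key(version)
    major, minor = key[0], key[1]
    if major == 8 and minor == 5:
        fixed = "8.5.3"
    elif major == 7:
        fixed = "7.0.70"
    elif major == 8:
        fixed = "8.0.36"
    elif major == 9:
        fixed = "9.0.0.M7"
    else:
        return False  # branch not listed in the advisory
    return key < _tomcat_key(fixed)


def fileupload_affected(version):
    """True if a standalone Commons FileUpload version is before 1.3.2."""
    return tuple(int(p) for p in version.split(".")) < (1, 3, 2)


if __name__ == "__main__":
    # Constructed header values: a normal browser upload and an oversized boundary.
    for header in ("multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW",
                   "multipart/form-data; boundary=" + "A" * 5000):
        print(validate_boundary(parse_boundary(header)))
    for v in ("8.5.2", "8.5.3", "9.0.0.M6", "9.0.0.M7"):
        print(v, "affected" if tomcat_affected(v) else "fixed")
```

In a Java deployment the equivalent check belongs in a servlet filter or reverse proxy rule in front of ServletFileUpload.parseRequest; the RFC limit alone is enough to stop this issue, since a boundary that fits in 70 characters can never exceed the parser's 4096-byte buffer.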

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

http://jvn.jp/en/jp/JVN89379547/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121
http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html
http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC2BH8g6oZkBg2BCxg%40mail.gmail.com%3E
http://rhn.redhat.com/errata/RHSA-2016-2068.html
http://rhn.redhat.com/errata/RHSA-2016-2069.html
http://rhn.redhat.com/errata/RHSA-2016-2070.html
http://rhn.redhat.com/errata/RHSA-2016-2071.html
http://rhn.redhat.com/errata/RHSA-2016-2072.html
http://rhn.redhat.com/errata/RHSA-2016-2599.html
http://rhn.redhat.com/errata/RHSA-2016-2807.html
http://rhn.redhat.com/errata/RHSA-2016-2808.html
http://rhn.redhat.com/errata/RHSA-2017-0457.html
http://svn.apache.org/viewvc?view=revision&revision=1743480
http://svn.apache.org/viewvc?view=revision&revision=1743722
http://svn.apache.org/viewvc?view=revision&revision=1743738
http://svn.apache.org/viewvc?view=revision&revision=1743742
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-8.html
http://tomcat.apache.org/security-9.html
http://www.debian.org/security/2016/dsa-3609
http://www.debian.org/security/2016/dsa-3611
http://www.debian.org/security/2016/dsa-3614
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.securityfocus.com/bid/91453
http://www.securitytracker.com/id/1036427
http://www.securitytracker.com/id/1036900
http://www.securitytracker.com/id/1037029
http://www.securitytracker.com/id/1039606
http://www.ubuntu.com/usn/USN-3024-1
http://www.ubuntu.com/usn/USN-3027-1
https://access.redhat.com/errata/RHSA-2017:0455
https://access.redhat.com/errata/RHSA-2017:0456
https://bugzilla.redhat.com/show_bug.cgi?id=1349468
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
https://security.gentoo.org/glsa/201705-09
https://security.netapp.com/advisory/ntap-20190212-0001/
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

7.5

Base Severity

HIGH
