what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Apache Commons FileUpload / Apache Tomcat Denial Of Service

Apache Commons FileUpload / Apache Tomcat Denial Of Service
Posted Feb 7, 2014
Authored by Mark Thomas | Site tomcat.apache.org

It is possible to craft a malformed Content-Type header for a multipart request that causes Apache Commons FileUpload to enter an infinite loop. A malicious user could, therefore, craft a malformed request that triggered a denial of service. Affected include Apache Tomcat versions 7.0.0 through 7.0.50, 8.0.0-RC1 through 8.0.1, and Apache Commons FileUpload versions 1.0 through 1.3.

tags | advisory, denial of service
advisories | CVE-2014-0050
SHA-256 | 8dfbe0cfb95f092bd86c843cf19490a000e2626be62589af1adf0aa833f36d3c

Apache Commons FileUpload / Apache Tomcat Denial Of Service

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- - Commons FileUpload 1.0 to 1.3
- - Apache Tomcat 8.0.0-RC1 to 8.0.1
- - Apache Tomcat 7.0.0 to 7.0.50
- - Apache Tomcat 6 and earlier are not affected

Apache Tomcat 7 and Apache Tomcat 8 use a packaged renamed copy of
Apache Commons FileUpload to implement the requirement of the Servlet
3.0 and later specifications to support the processing of
mime-multipart requests. Tomcat 7 and 8 are therefore affected by this
issue. While Tomcat 6 uses Commons FileUpload as part of the Manager
application, access to that functionality is limited to authenticated
administrators.

Description:
It is possible to craft a malformed Content-Type header for a
multipart request that causes Apache Commons FileUpload to enter an
infinite loop. A malicious user could, therefore, craft a malformed
request that triggered a denial of service.
This issue was reported responsibly to the Apache Software Foundation
via JPCERT but an error in addressing an e-mail led to the unintended
early disclosure of this issue[1].

Mitigation:
Users of affected versions should apply one of the following mitigations
- - Upgrade to Apache Commons FileUpload 1.3.1 or later once released
- - Upgrade to Apache Tomcat 8.0.2 or later once released
- - Upgrade to Apache Tomcat 7.0.51 or later once released
- - Apply the appropriate patch
- Commons FileUpload: http://svn.apache.org/r1565143
- Tomcat 8: http://svn.apache.org/r1565163
- Tomcat 7: http://svn.apache.org/r1565169
- - Limit the size of the Content-Type header to less than 4091 bytes

Credit:
This issue was reported to the Apache Software Foundation via JPCERT.

References:
[1] http://markmail.org/message/kpfl7ax4el2owb3o
[2] http://tomcat.apache.org/security-8.html
[3] http://tomcat.apache.org/security-7.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJS83P8AAoJEBDAHFovYFnnbOwP/0m80St7x63n6VCiR0aGuGLz
/J004spHfbc+vtg2RumObBTX6mSfvPgO2R4FzE17Etg8QtWreoxb7kjnVXUwjdMX
nb3Yt6IY1yBW1K+YcZRziOQXkRnnjnpC7Lh2o5eqpJ1S7wpXl5PBIXYSxMAsJCuv
axFA0aq5cc17uDAH1z6DPk4149oZz2lHdlBUTTkCh/0PrvcIFxwpej75gUfyaV0y
DGZLs3IpRYcJMS131q72DUt9wBsIqJN0mqUOq2svBS3mlXBcKDjy21b8QiEr8itK
UqwsYUtOZP4nZ4u8j6euxF2fC/ivm/930OGOl9pn2SbkoHJKm/4rz2GYDA9jq07K
XEDeGdTx3ZuDaTaBER8xquETRZ/Rb8dbBxQwzmo6doJNOjsMQFlR+1F+p56AhYd0
klbT6Q7i/Ic3BdRJkUpaYshhtXeAOnH+0u9j4kRXMgJbkMgOacopomFX6HoXr9/i
RHGbwwSZViLooR88Yg0FU2230+9mJLXxaJ6usHrtq4dS9ElSV320OCyisNjMX5hi
5SFYMSy+z0nsK2O6yCzlukztoFhvaNecvy3I8w5EKytweyFlPzxXn6QpQjG+ffb5
ql7TZRrApiaewp4crzBcZSAjDzRNiQpcI2xTTN/H9u/yk8lrhOULi4pljKCudvmM
eIWblFdpoPVl0iqvsXA9
=uzLf
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close