Debian Linux Security Advisory 2856-1 - It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition.
508b610d2ad42fb81e138ded4b4c75e63ceab3efaa85a14f2cfa933a2d6d1e37
It is possible to craft a malformed Content-Type header for a multipart request that causes Apache Commons FileUpload to enter an infinite loop. A malicious user could, therefore, craft a malformed request that triggered a denial of service. Affected include Apache Tomcat versions 7.0.0 through 7.0.50, 8.0.0-RC1 through 8.0.1, and Apache Commons FileUpload versions 1.0 through 1.3.
8dfbe0cfb95f092bd86c843cf19490a000e2626be62589af1adf0aa833f36d3c