what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

CVE-2016-3092

Status Candidate

Overview

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

Related Files

Gentoo Linux Security Advisory 202107-39
Posted Jul 19, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202107-39 - Multiple vulnerabilities have been found in Apache Commons FileUpload, the worst of which could result in a Denial of Service condition. Versions 1.3 and below are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2013-0248, CVE-2014-0050, CVE-2016-3092
SHA-256 | da595f1d67dc8debc118a5489d2f92bcd08094c94d4ee86e23b7c49ce74d1621
Gentoo Linux Security Advisory 201705-09
Posted May 18, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201705-9 - Multiple vulnerabilities have been found in Apache Tomcat, the worst of which could lead to privilege escalation. Versions less than 8.0.36 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2015-5174, CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2016-1240, CVE-2016-3092, CVE-2016-8745, CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651
SHA-256 | 32a00eece0fedfca7e3d14c18c552d78e1bb762223bc097962ee70ea1c994b64
Red Hat Security Advisory 2017-0457-01
Posted Mar 8, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0457-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements. Multiple security issues have been addressed.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2016-0762, CVE-2016-1240, CVE-2016-3092, CVE-2016-5018, CVE-2016-6325, CVE-2016-6794, CVE-2016-6796, CVE-2016-6797, CVE-2016-6816, CVE-2016-8735, CVE-2016-8745
SHA-256 | 7b6d937a7363eb3534a17e5753987b42852580f1bf77ab54d81316639581af8a
Red Hat Security Advisory 2017-0456-01
Posted Mar 8, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0456-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements. Multiple security issues have been addressed.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2016-0762, CVE-2016-1240, CVE-2016-3092, CVE-2016-5018, CVE-2016-6325, CVE-2016-6794, CVE-2016-6796, CVE-2016-6797, CVE-2016-6816, CVE-2016-8735, CVE-2016-8745
SHA-256 | 439006faa54fcb1a99274f4917c65ee29688301c270ba766630fe134a170fcff
Red Hat Security Advisory 2017-0455-01
Posted Mar 8, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0455-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements. Multiple security issues have been addressed.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2016-0762, CVE-2016-1240, CVE-2016-3092, CVE-2016-5018, CVE-2016-6325, CVE-2016-6794, CVE-2016-6796, CVE-2016-6797, CVE-2016-6816, CVE-2016-8735, CVE-2016-8745
SHA-256 | 229900bcc01d582272cfb12959e445a23c0cd6ee8d637f7acf5f7769ec2c427d
HP Security Bulletin HPSBUX03665 3
Posted Dec 1, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03665 3 - Potential security vulnerabilities have been identified in the HP-UX Tomcat-based Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or URL Redirection. Revision 3 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2016-3092, CVE-2016-5388
SHA-256 | 9d2cd9d2c5a5326760651264d9508d7f771267c319cee95f6f5733b6837bf96b
Red Hat Security Advisory 2016-2807-01
Posted Nov 17, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2807-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. This release of Red Hat JBoss Web Server 2.1.2 serves as a replacement for Red Hat JBoss Web Server 2.1.1. It contains security fixes for the Tomcat 7 component. Only users of the Tomcat 7 component in JBoss Web Server need to apply the fixes delivered in this release. Security Fix: A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.

tags | advisory, java, web, root
systems | linux, redhat
advisories | CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2016-3092
SHA-256 | a747ee41bc1c78f0329cb06102ce7044196717407b83c8ba83cdc599fc05f1e6
Red Hat Security Advisory 2016-2808-01
Posted Nov 17, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2808-01 - This release of Red Hat JBoss Web Server 2.1.2 serves as a replacement for Red Hat JBoss Web Server 2.1.1. It contains security fixes for the Tomcat 7 component. Only users of the Tomcat 7 component in JBoss Web Server need to apply the fixes delivered in this release. Security Fix: A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.

tags | advisory, web, root
systems | linux, redhat
advisories | CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2016-3092
SHA-256 | 6aabba5392b13a85b44e0e196d13a81b259818172e29bc8bb40c46530f9dfb13
HP Security Bulletin HPSBUX03665 2
Posted Nov 15, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03665 2 - Potential security vulnerabilities have been identified in the HP-UX Tomcat-based Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and URL Redirection. Revision 2 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2016-3092, CVE-2016-5388
SHA-256 | 8a33a45462fb5af32efafe6f3107b91eb71ecf3236ac6ed9fb1332835889de91
HP Security Bulletin HPSBUX03665 1
Posted Nov 7, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03665 1 - Potential security vulnerabilities have been identified in the HP-UX Tomcat-based Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and URL Redirection. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2016-3092, CVE-2016-5388
SHA-256 | bbafcd56c7474dd4c44957ace450decc84059a5ee53ec33bf03dac1511ccfa33
Red Hat Security Advisory 2016-2599-02
Posted Nov 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2599-02 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. The following packages have been upgraded to a newer upstream version: tomcat. Security Fix: A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.

tags | advisory, java, web, root
systems | linux, redhat
advisories | CVE-2015-5174, CVE-2015-5345, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2016-3092
SHA-256 | eb4b78c2f1daa3013b5a8463412acf3f72bbf7cecd1cb000754357f150091883
Red Hat Security Advisory 2016-2071-01
Posted Oct 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2071-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.11 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.10, and includes bug fixes and enhancements. Documentation for these changes will be available shortly from the Red Hat JBoss Enterprise Application Platform 6.4.11 Release Notes, linked to in the References. Multiple security issues have been addressed.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-3092
SHA-256 | ad36eab6d193625512bd94f6df20f23a60607c199ab728e8152362ed9051ff72
Red Hat Security Advisory 2016-2069-01
Posted Oct 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2069-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.10. It includes bug fixes and enhancements. Documentation for these changes will be available shortly from the Red Hat JBoss Enterprise Application Platform 6.4.11 Release Notes, linked to in the References. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-3092
SHA-256 | 90a74be5a92d9f26804f928cecbdaf1f32cc050c7b7188829e6168b51a751d5c
Red Hat Security Advisory 2016-2072-01
Posted Oct 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2072-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java EE applications. It is based on JBoss Application Server 7 and incorporates multiple open-source projects to provide a complete Java EE platform solution. Security Fix: A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer used to read the uploaded file if the boundary was the typical tens of bytes long.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2016-3092
SHA-256 | 9ed1b834fb53a506fd1eb1dd9f86980b8ae375e674b25aafe7ab41754eb1c606
Red Hat Security Advisory 2016-2068-01
Posted Oct 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2068-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.10. It includes bug fixes and enhancements. Documentation for these changes will be available shortly from the Red Hat JBoss Enterprise Application Platform 6.4.11 Release Notes, linked to in the References. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-3092
SHA-256 | 9fe5a5fdc0cc4a999a818f305cc5969f3b738a130e4405151c33a7b739fd8923
Red Hat Security Advisory 2016-2070-01
Posted Oct 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2070-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.10. It includes bug fixes and enhancements. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 5 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect. Multiple security issues have been addressed.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-3092
SHA-256 | d7ec988f0ff5ab1d3e9e885d06936c7833554bee0db9963a3e999d0f16bd646e
HP Security Bulletin HPSBHF03652 1
Posted Sep 27, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03652 1 - A potential vulnerability in Apache Commons FileUpload was addressed by HPE iMC PLAT network products. The vulnerability could be exploited remotely resulting in a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2016-3092
SHA-256 | 95a8eceab70b60080766e978894efbac8842f4208552f7ea273e4246150a8058
HP Security Bulletin HPSBGN03631 1
Posted Jul 22, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03631 1 - A potential security vulnerability has been identified with HPE IceWall Identity Manager and HPE IceWall SSO Password Reset Option running Apache Commons FileUpload. The vulnerability could be exploited remotely resulting in a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2016-3092
SHA-256 | c17910ace9f145dd7b8ebe6050394be1f1cf3db8ff2d238485bbcd1b64225fcb
Ubuntu Security Notice USN-3027-1
Posted Jul 7, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3027-1 - It was discovered that the Tomcat Fileupload library incorrectly handled certain upload requests. A remote attacker could possibly use this issue to cause a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-3092
SHA-256 | 98eaa175de2c312c0bf47773278a5a08d83e1d05406d0b4248018d81adb54786
Ubuntu Security Notice USN-3024-1
Posted Jul 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3024-1 - It was discovered that Tomcat incorrectly handled pathnames used by web applications in a getResource, getResourceAsStream, or getResourcePaths call. A remote attacker could use this issue to possibly list a parent directory . This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. It was discovered that the Tomcat mapper component incorrectly handled redirects. A remote attacker could use this issue to determine the existence of a directory. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2015-5174, CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2016-3092
SHA-256 | 4370e181c653b8239d33a7ca5224666cb7d29084f3014c7e307c339e87ecd273
Debian Security Advisory 3614-1
Posted Jul 2, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3614-1 - The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications. A remote attacker can take advantage of this flaw by sending file upload requests that cause the HTTP server using the Apache Commons Fileupload library to become unresponsive, preventing the server from servicing other requests.

tags | advisory, remote, web, denial of service, file upload
systems | linux, debian
advisories | CVE-2016-3092
SHA-256 | 8dbdb645982cfd7d0be2c190d07143c9f61b91668bd2ea676e951e673b8b3ff3
Debian Security Advisory 3611-1
Posted Jun 30, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3611-1 - The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications. A remote attacker can take advantage of this flaw by sending file upload requests that cause the HTTP server using the Apache Commons Fileupload library to become unresponsive, preventing the server from servicing other requests.

tags | advisory, remote, web, denial of service, file upload
systems | linux, debian
advisories | CVE-2016-3092
SHA-256 | 8063f2fceed2ffb108fdb433edb8aa47a61a755d3a99c08fb9ab864029de4cdf
Debian Security Advisory 3609-1
Posted Jun 30, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3609-1 - Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial of service.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2015-5174, CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2016-3092
SHA-256 | dc0dfa37ac8428b022149f7007f8c04701baa05b455c582b2b3162c0543ee491
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close