Debian Linux Security Advisory 2856-1 - It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition.
508b610d2ad42fb81e138ded4b4c75e63ceab3efaa85a14f2cfa933a2d6d1e37