It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition.

For the oldstable distribution (squeeze), this problem has been fixed in version 1.2.2-1+deb6u2. For the stable distribution (wheezy), this problem has been fixed in version 1.2.2-1+deb7u2. For the unstable distribution (sid), this problem has been fixed in version 1.3.1-1. We recommend that you upgrade your libcommons-fileupload-java packages.

The Commons FileUpload package makes it easy to add robust, high-performance, file upload capability to your servlets and web applications.

libcommons-fileupload-java on Debian Linux

This check tests the installed software version using the apt package manager.

• http://www.debian.org/security/2014/dsa-2856.html

---

Updated on 2015-03-25