Description

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

Remediation

References

CVE-2016-3092

Related Vulnerabilities

Django URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-14574)

PrestaShop Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4545)

WordPress Plugin Redirect 404 Error Page to Homepage or Custom Page with Logs Cross-Site Request Forgery (1.7.8)

Microsoft SQL Server CVE-2023-38169 Vulnerability (CVE-2023-38169)

Joomla! Core 3.x.x Multiple Cross-Site Request Forgery Vulnerabilities (3.2.0 - 3.9.15)

Severity

High

Classification

CVE-2016-3092 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities