Description

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

Remediation

References

CVE-2016-3092

Related Vulnerabilities

SharePoint CVE-2020-17015 Vulnerability (CVE-2020-17015)

WordPress Plugin YITH WooCommerce Zoom Magnifier Security Bypass (1.3.11)

Python Out-of-bounds Write Vulnerability (CVE-2019-12900)

WordPress Plugin A/B Test 'action' Parameter Directory Traversal (1.0.6)

ownCloud Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-2051)

Severity

High

Classification

CVE-2016-3092 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities