National Vulnerability Database

Search Results

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:apache:commons_fileupload:1.1.1

There are 4 matching records.

Vuln ID: CVE-2016-1000031
Summary: Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
Published: October 25, 2016; 10:29:00 AM -04:00
CVSS Severity: V3: 9.8 CRITICAL; V2: 7.5 HIGH

Vuln ID: CVE-2016-3092
Summary: The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
Published: July 04, 2016; 06:59:04 PM -04:00
CVSS Severity: V3: 7.5 HIGH; V2: 7.8 HIGH

Vuln ID: CVE-2014-0050
Summary: MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
Published: April 01, 2014; 02:27:51 AM -04:00
CVSS Severity: V2: 7.5 HIGH

Vuln ID: CVE-2013-0248
Summary: The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
Published: March 15, 2013; 04:55:10 PM -04:00
CVSS Severity: V2: 3.3 LOW