Denial of Service Vulnerability in Apache Commons FileUpload across Multiple Platforms
CVE-2014-0050


Key Information:

Vendor: Oracle
CVE Published: 1 April 2014

Badges

  • 👾 Exploit Exists
  • 🟡 Public PoC
  • 🟣 EPSS 92%

Summary

A vulnerability in Apache Commons FileUpload allows remote attackers to trigger a denial of service via a crafted Content-Type header. Exploitation causes an infinite loop and excessive CPU consumption, degrading servers that embed the library, such as Apache Tomcat and JBoss Web. The issue arises because certain Content-Type headers are not handled adequately: the expected loop exit condition is never reached, leaving the server unresponsive. Upgrading to the latest version of Apache Commons FileUpload is recommended to mitigate this vulnerability.
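The summary describes a denial of service triggered by a crafted multipart Content-Type header. The following is an added defender-side example, not code from this page or from the Apache Commons FileUpload project: a small pre-check that validates the header before a request is handed to the upload parser, rejecting oversized headers and multipart requests whose boundary parameter is missing or violates the RFC 2046 limits (1 to 70 characters from a restricted set, not ending in a space). The header cap `MAX_HEADER_LEN` and the sample headers are constructed assumptions for illustration; the check enforces the RFC limits rather than any specific trigger value.

```python
"""Defensive pre-check for multipart Content-Type headers (added example)."""
import re

# RFC 2046 section 5.1.1: a boundary is 1..70 characters drawn from a restricted
# set and must not end with a space. Anything outside that is rejected up front.
_BOUNDARY_RE = re.compile(r"^[0-9A-Za-z'()+_,\-./:=? ]{1,70}$")

# Hypothetical, conservative cap on the whole header value; real headers are far shorter.
MAX_HEADER_LEN = 1024


def parse_content_type(header):
    """Split a Content-Type value into (media_type, params).

    Minimal parser: lowercases the media type and parameter names and strips
    one layer of surrounding double quotes from parameter values.
    """
    parts = [p.strip() for p in header.split(";")]
    media_type = parts[0].lower()
    params = {}
    for part in parts[1:]:
        if "=" not in part:
            continue  # ignore malformed parameter fragments
        name, value = part.split("=", 1)
        value = value.strip()
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        params[name.strip().lower()] = value
    return media_type, params


def check_multipart_content_type(header):
    """Return (ok, reason). ok=True means the header is safe to pass on.

    Non-multipart requests are accepted as-is because the upload parser is
    not involved; multipart requests must carry a well-formed boundary.
    """
    if header is None:
        return False, "missing Content-Type"
    if len(header) > MAX_HEADER_LEN:
        return False, "Content-Type header too long"
    media_type, params = parse_content_type(header)
    if not media_type.startswith("multipart/"):
        return True, "not multipart; upload parser not involved"
    boundary = params.get("boundary")
    if boundary is None:
        return False, "multipart request without boundary parameter"
    if not _BOUNDARY_RE.match(boundary) or boundary.endswith(" "):
        return False, "boundary violates RFC 2046 limits"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample headers: one normal browser upload, one with an
    # absurdly long boundary, one multipart request with no boundary at all.
    samples = [
        "multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW",
        "multipart/form-data; boundary=" + "A" * 4100,
        "multipart/form-data",
        "application/json",
    ]
    for sample in samples:
        ok, reason = check_multipart_content_type(sample)
        print(("ACCEPT" if ok else "REJECT"), reason, "|", sample[:60])
```

Placing a check like this in a reverse proxy or servlet filter limits exposure while the library upgrade is rolled out; it is a compensating control, not a replacement for the fix.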

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.

References

EPSS Score

92% chance of being exploited in the next 30 days.

Timeline

  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability reserved
