CVE-2014-0050

Currently unrated

Key Information:

Vendor
Oracle
Status
Retail Applications
Vendor
CVE Published:
1 April 2014

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 41%

Summary

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

cve-2014-0050
Created by jrrdev

References

http://packetstormsecurity.com/files/127215/VMware-Securi...
x_refsource_MISC
http://www.vmware.com/security/advisories/VMSA-2014-0008....
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676656
x_refsource_CONFIRM

EPSS Score

41% chance of being exploited in the next 30 days.

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.