Denial of Service Vulnerability in Apache Commons Fileupload Used in Apache Tomcat
CVE-2016-3092

7.5 HIGH

Key Information:

Vendor: HP
CVE Published: 4 July 2016

Summary

The MultipartStream class in Apache Commons Fileupload, as used in several versions of Apache Tomcat, is susceptible to a denial of service (DoS) attack. By sending a request with a long boundary string, an attacker can consume excessive CPU resources, potentially causing application unresponsiveness or downtime. This vulnerability highlights the importance of input validation in file upload mechanisms.

EPSS Score

42% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
