Apache Commons FileUpload, Apache Tomcat: FileUpload DoS with excessive parts
CVE-2023-24998

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Commons Fileupload; Apache Tomcat
Vendor: CVE Published:; 20 February 2023

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The Apache Commons FileUpload before version 1.5 is susceptible to a Denial of Service attack due to its failure to restrict the number of parts processed in a request. This oversight allows an attacker to exploit the system by making malicious uploads or sending a series of uploads, potentially overwhelming the application. Additionally, the new configuration option, FileUploadBase#setFileCountMax, which addresses this issue by limiting the number of request parts, is not enabled by default and requires explicit configuration to safeguard against these attacks.

Affected Version(s)

Apache Commons FileUpload 0 < 1.5

Apache Tomcat 11.0.0-M1

Apache Tomcat 10.0.0-M1 <= 10.1.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-24998
Created by nice1st

References

https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjr...

vendor-advisory

http://www.openwall.com/lists/oss-security/2023/05/22/1

https://security.gentoo.org/glsa/202305-37

EPSS Score

1% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Mar 29, 2023
👾
Exploit known to exist
Mar 29, 2023
Vulnerability published
Feb 20, 2023
Vulnerability Reserved
Feb 1, 2023

Credit

Jakob Ackermann