Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache commons fileupload 1.0 vulnerabilities and exploits

(subscribe to this query)
3.3
CVSSv2
CVE-2013-0248
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 up to and including 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
Apache Commons Fileupload 1.0Apache Commons Fileupload 1.1Apache Commons Fileupload 1.1.1Apache Commons Fileupload 1.2Apache Commons Fileupload 1.2.1Apache Commons Fileupload 1.2.2
NA
CVE-2023-24998
Apache Commons FileUpload prior to 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option...
Apache Commons FileuploadApache Commons Fileupload 1.0Debian Debian Linux 9.0Debian Debian Linux 11.0
7.5
CVSSv2
CVE-2014-0050
MultipartStream.java in Apache Commons FileUpload prior to 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote malicious users to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's ...
Oracle Retail Applications 12.0inOracle Retail Applications 13.0Oracle Retail Applications 13.3Oracle Retail Applications 13.2Oracle Retail Applications 12.0Oracle Retail Applications 14.0Oracle Retail Applications 13.1Oracle Retail Applications 13.4Apache Tomcat 7.0.2Apache Tomcat 7.0.49Apache Tomcat 7.0.12Apache Tomcat 7.0.20Apache Tomcat 7.0.34Apache Tomcat 7.0.8Apache Tomcat 7.0.1Apache Tomcat 7.0.5Apache Commons Fileupload 1.2.2Apache Tomcat 7.0.4Apache Tomcat 7.0.22Apache Tomcat 7.0.39Apache Tomcat 7.0.26Apache Tomcat 7.0.46
NA
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Ietf Http 2.0Nghttp2 Nghttp2Netty NettyEnvoyproxy Envoy 1.27.0Envoyproxy Envoy 1.26.4Envoyproxy Envoy 1.25.9Envoyproxy Envoy 1.24.10Eclipse JettyCaddyserver CaddyGolang Http2Golang GoGolang NetworkingF5 Big-ip AnalyticsF5 Big-ip Policy Enforcement ManagerF5 Big-ip Local Traffic ManagerF5 Big-ip Link ControllerF5 Big-ip Global Traffic ManagerF5 Big-ip Fraud Protection ServiceF5 Big-ip Domain Name SystemF5 Big-ip Application Security ManagerF5 Big-ip Application Acceleration ManagerF5 Big-ip Advanced Firewall Manager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook