Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache commons fileupload vulnerabilities and exploits

(subscribe to this query)

3.3
CVSSv2
CVE-2013-0248
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack....
Apache Commons Fileupload 1.0Apache Commons Fileupload 1.1Apache Commons Fileupload 1.1.1Apache Commons Fileupload 1.2Apache Commons Fileupload 1.2.1Apache Commons Fileupload 1.2.2
NA
CVE-2023-24998
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new...
Apache Commons FileuploadApache Commons Fileupload 1.0
7.5
CVSSv2
CVE-2016-1000031
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution...
Apache Commons Fileupload
7.5
CVSSv2
CVE-2014-0050
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's...
Oracle Retail Applications 12.0Oracle Retail Applications 12.0inOracle Retail Applications 13.2Oracle Retail Applications 13.3Oracle Retail Applications 13.4Oracle Retail Applications 14.0Oracle Retail Applications 13.0Oracle Retail Applications 13.1Apache Tomcat 7.0.0Apache Tomcat 7.0.14Apache Tomcat 7.0.15Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.29Apache Tomcat 7.0.3Apache Tomcat 7.0.36Apache Tomcat 7.0.37Apache Tomcat 7.0.43Apache Tomcat 7.0.44Apache Tomcat 7.0.50Apache Tomcat 7.0.6Apache Tomcat 8.0.0Apache Commons Fileupload 1.0Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.19Apache Tomcat 7.0.2Apache Tomcat 7.0.25Apache Tomcat 7.0.26Apache Tomcat 7.0.32Apache Tomcat 7.0.33Apache Tomcat 7.0.4Apache Tomcat 7.0.40Apache Tomcat 7.0.47Apache Tomcat 7.0.48Apache Tomcat 7.0.9Apache Commons Fileupload 1.2Apache Commons Fileupload 1.2.1Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.20Apache Tomcat 7.0.27Apache Tomcat 7.0.28Apache Tomcat 7.0.34Apache Tomcat 7.0.35Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.49Apache Tomcat 7.0.5Apache Tomcat 8.0.1Apache Commons Fileupload 1.2.2Apache Commons FileuploadApache Tomcat 7.0.1Apache Tomcat 7.0.16Apache Tomcat 7.0.17Apache Tomcat 7.0.18Apache Tomcat 7.0.23Apache Tomcat 7.0.24Apache Tomcat 7.0.30Apache Tomcat 7.0.31Apache Tomcat 7.0.38Apache Tomcat 7.0.39Apache Tomcat 7.0.45Apache Tomcat 7.0.46Apache Tomcat 7.0.7Apache Tomcat 7.0.8Apache Commons Fileupload 1.1Apache Commons Fileupload 1.1.1
7.8
CVSSv2
CVE-2016-3092
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long...
Hp Icewall Sso Agent Option 10.0Hp Icewall Identity Manager 5.0Apache Tomcat 9.0.0Apache Tomcat 8.0.32Apache Tomcat 8.0.3Apache Tomcat 8.0.30Apache Tomcat 8.0.22Apache Tomcat 8.0.21Apache Tomcat 8.0.11Apache Tomcat 8.0.1Apache Tomcat 8.0.8Apache Tomcat 8.0.5Apache Tomcat 8.0.27Apache Tomcat 8.0.26Apache Tomcat 8.0.17Apache Tomcat 8.0.15Apache Tomcat 8.0.0Apache Tomcat 8.0.35Apache Tomcat 8.0.33Apache Tomcat 8.0.24Apache Tomcat 8.0.23Apache Tomcat 8.0.14Apache Tomcat 8.0.12Apache Tomcat 8.0.29Apache Tomcat 8.0.28Apache Tomcat 8.0.20Apache Tomcat 8.0.18Debian Debian Linux 8.0Apache Tomcat 8.5.2Apache Tomcat 8.5.0Apache Commons FileuploadCanonical Ubuntu Linux 16.04Canonical Ubuntu Linux 15.10Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 12.04Apache Tomcat 7.0.65Apache Tomcat 7.0.64Apache Tomcat 7.0.55Apache Tomcat 7.0.54Apache Tomcat 7.0.53Apache Tomcat 7.0.52Apache Tomcat 7.0.61Apache Tomcat 7.0.6Apache Tomcat 7.0.59Apache Tomcat 7.0.5Apache Tomcat 7.0.47Apache Tomcat 7.0.37Apache Tomcat 7.0.35Apache Tomcat 7.0.26Apache Tomcat 7.0.25Apache Tomcat 7.0.19Apache Tomcat 7.0.16Apache Tomcat 7.0.0Apache Tomcat 7.0.8Apache Tomcat 7.0.67Apache Tomcat 7.0.57Apache Tomcat 7.0.56Apache Tomcat 7.0.42Apache Tomcat 7.0.41Apache Tomcat 7.0.34Apache Tomcat 7.0.33Apache Tomcat 7.0.23Apache Tomcat 7.0.22Apache Tomcat 7.0.14Apache Tomcat 7.0.12Apache Tomcat 7.0.40Apache Tomcat 7.0.4Apache Tomcat 7.0.32Apache Tomcat 7.0.30Apache Tomcat 7.0.21Apache Tomcat 7.0.20Apache Tomcat 7.0.11Apache Tomcat 7.0.10Apache Tomcat 7.0.69Apache Tomcat 7.0.68Apache Tomcat 7.0.63Apache Tomcat 7.0.62Apache Tomcat 7.0.50Apache Tomcat 7.0.39Apache Tomcat 7.0.29Apache Tomcat 7.0.28Apache Tomcat 7.0.27Apache Tomcat 7.0.2Apache Tomcat 7.0.1
7.5
CVSSv2
CVE-2019-0189
The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter...
Apache Ofbiz
4
CVSSv2
CVE-2014-2600
Unspecified vulnerability in HP IceWall Identity Manager 4.0 through SP1 and 5.0 and IceWall SSO 10.0 Password Reset Option, when Apache Commons FileUpload is used, allows remote authenticated users to cause a denial of service via unknown vectors....
Hp Icewall Identity Manager 4.0Hp Icewall Sso Password Reset Option 10.0Hp Icewall Identity Manager 5.0
NA
CVE-2023-27901
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of...
Jenkins Jenkins
NA
CVE-2023-27900
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of...
Jenkins Jenkins
7.5
CVSSv2
CVE-2013-2186
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance....
Redhat Jboss Enterprise Brms Platform 5.3.1Redhat Jboss Enterprise Web Server 1.0.2Redhat Jboss Enterprise Portal Platform 6.0.0Redhat OpenshiftRedhat Jboss Enterprise Portal Platform 5.2.2Redhat Jboss Enterprise Portal Platform 4.3.0Ubuntu Ubuntu 10.04
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-5172CVE-2023-44023CVE-2023-30845elevation of privilegeinjectionCVE-2023-43234CVE-2023-41991cross-site request forgeryseacmsCVE-2023-5197
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook