Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
commons fileupload vulnerabilities and exploits
(subscribe to this query)
3.3
CVSSv2
CVE-2013-0248
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 up to and including 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
Apache Commons Fileupload 1.0
Apache Commons Fileupload 1.1
Apache Commons Fileupload 1.1.1
Apache Commons Fileupload 1.2
Apache Commons Fileupload 1.2.1
Apache Commons Fileupload 1.2.2
2 Github repositories
NA
CVE-2023-24998
Apache Commons FileUpload prior to 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option...
Apache Commons Fileupload
Apache Commons Fileupload 1.0
Debian Debian Linux 9.0
Debian Debian Linux 11.0
7.5
CVSSv2
CVE-2014-0050
MultipartStream.java in Apache Commons FileUpload prior to 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote malicious users to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's ...
Oracle Retail Applications 12.0in
Oracle Retail Applications 13.0
Oracle Retail Applications 13.3
Oracle Retail Applications 13.2
Oracle Retail Applications 12.0
Oracle Retail Applications 14.0
Oracle Retail Applications 13.1
Oracle Retail Applications 13.4
Apache Tomcat 7.0.2
Apache Tomcat 7.0.49
Apache Tomcat 7.0.12
Apache Tomcat 7.0.20
Apache Tomcat 7.0.34
Apache Tomcat 7.0.8
Apache Tomcat 7.0.1
Apache Tomcat 7.0.5
Apache Commons Fileupload 1.2.2
Apache Tomcat 7.0.4
Apache Tomcat 7.0.22
Apache Tomcat 7.0.39
Apache Tomcat 7.0.26
Apache Tomcat 7.0.46
1 EDB exploit
3 Github repositories
5
CVSSv2
CVE-2017-1000394
Jenkins 2.73.1 and previous versions, 2.83 and previous versions bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenk...
Jenkins Jenkins
NA
CVE-2023-27900
Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing malicious user...
Jenkins Jenkins
NA
CVE-2023-27901
Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing malicious users to...
Jenkins Jenkins
4
CVSSv2
CVE-2014-2600
Unspecified vulnerability in HP IceWall Identity Manager 4.0 through SP1 and 5.0 and IceWall SSO 10.0 Password Reset Option, when Apache Commons FileUpload is used, allows remote authenticated users to cause a denial of service via unknown vectors.
Hp Icewall Identity Manager 4.0
Hp Icewall Sso Password Reset Option 10.0
Hp Icewall Identity Manager 5.0
7.5
CVSSv2
CVE-2019-0189
The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceC...
Apache Ofbiz
1 Github repository
NA
CVE-2023-42794
Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 up to and including 9.0.80 and 8.5.85 up to and including 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of servic...
Apache Tomcat
NA
CVE-2022-4132
A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page).
Dogtagpki Network Security Services For Java
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcoded
arbitrary code
CVE-2024-2404
CVE-2024-21111
CVE-2024-28627
CVE-2024-4073
information disclosure
CVE-2024-32780
CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »