Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
commons fileupload vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-0248
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 up to and including 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
Apache Commons Fileupload 1.0
Apache Commons Fileupload 1.1
Apache Commons Fileupload 1.1.1
Apache Commons Fileupload 1.2
Apache Commons Fileupload 1.2.1
Apache Commons Fileupload 1.2.2
2 Github repositories
7.5
CVSSv3
CVE-2023-24998
Apache Commons FileUpload prior to 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option...
Apache Commons Fileupload
Apache Commons Fileupload 1.0
Debian Debian Linux 9.0
Debian Debian Linux 11.0
NA
CVE-2014-0050
MultipartStream.java in Apache Commons FileUpload prior to 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote malicious users to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's ...
Oracle Retail Applications 12.0in
Oracle Retail Applications 13.0
Oracle Retail Applications 13.3
Oracle Retail Applications 13.2
Oracle Retail Applications 12.0
Oracle Retail Applications 14.0
Oracle Retail Applications 13.1
Oracle Retail Applications 13.4
Apache Tomcat 7.0.2
Apache Tomcat 7.0.49
Apache Tomcat 7.0.12
Apache Tomcat 7.0.20
Apache Tomcat 7.0.34
Apache Tomcat 7.0.8
Apache Tomcat 7.0.1
Apache Tomcat 7.0.5
Apache Commons Fileupload 1.2.2
Apache Tomcat 7.0.4
Apache Tomcat 7.0.22
Apache Tomcat 7.0.39
Apache Tomcat 7.0.26
Apache Tomcat 7.0.46
1 EDB exploit
3 Github repositories
7.5
CVSSv3
CVE-2017-1000394
Jenkins 2.73.1 and previous versions, 2.83 and previous versions bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenk...
Jenkins Jenkins
7.5
CVSSv3
CVE-2023-27900
Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing malicious user...
Jenkins Jenkins
7.5
CVSSv3
CVE-2023-27901
Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing malicious users to...
Jenkins Jenkins
NA
CVE-2014-2600
Unspecified vulnerability in HP IceWall Identity Manager 4.0 through SP1 and 5.0 and IceWall SSO 10.0 Password Reset Option, when Apache Commons FileUpload is used, allows remote authenticated users to cause a denial of service via unknown vectors.
Hp Icewall Identity Manager 4.0
Hp Icewall Sso Password Reset Option 10.0
Hp Icewall Identity Manager 5.0
9.8
CVSSv3
CVE-2019-0189
The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceC...
Apache Ofbiz
1 Github repository
5.9
CVSSv3
CVE-2023-42794
Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 up to and including 9.0.80 and 8.5.85 up to and including 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of servic...
Apache Tomcat
5.9
CVSSv3
CVE-2022-4132
A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page).
Dogtagpki Network Security Services For Java
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »