What is CVE-2014-0050?

CVE-2014-0050 is a vulnerability in Apache Commons_fileupload, classified under CWE-264. Published 2014-04-01.

Is CVE-2014-0050 known to be exploited?

10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Commons_fileupload

CVE-2014-0050

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type he…

EPSS: 0.927 (99.8th percentile) — read the EPSS interpretation.

Affected products

Apache Commons_fileupload — versions 1.0, 1.1, 1.1.1
Apache Tomcat — versions 7.0.0, 7.0.1, 7.0.2
Oracle Retail_applications — versions 12.0, 12.0in, 13.0
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_MISC)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)
JVN#14876762 (x_refsource_JVN, third-party-advisory)
HPSBGN03329 (x_refsource_HP, vendor-advisory)
60753 (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
59184 (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
DSA-2856 (vendor-advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2014-0050?: CVE-2014-0050 is a vulnerability in Apache Commons_fileupload, classified under CWE-264. Published 2014-04-01.
Is CVE-2014-0050 known to be exploited?: 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.