SecurityvulnsSECURITYVULNS:DOC:30435[SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
-
- Commons FileUpload 1.0 to 1.3
-
- Apache Tomcat 8.0.0-RC1 to 8.0.1
-
- Apache Tomcat 7.0.0 to 7.0.50
-
- Apache Tomcat 6 and earlier are not affected
Apache Tomcat 7 and Apache Tomcat 8 use a packaged renamed copy of
Apache Commons FileUpload to implement the requirement of the Servlet
3.0 and later specifications to support the processing of
mime-multipart requests. Tomcat 7 and 8 are therefore affected by this
issue. While Tomcat 6 uses Commons FileUpload as part of the Manager
application, access to that functionality is limited to authenticated
administrators.
Description:
It is possible to craft a malformed Content-Type header for a
multipart request that causes Apache Commons FileUpload to enter an
infinite loop. A malicious user could, therefore, craft a malformed
request that triggered a denial of service.
This issue was reported responsibly to the Apache Software Foundation
via JPCERT but an error in addressing an e-mail led to the unintended
early disclosure of this issue[1].
Mitigation:
Users of affected versions should apply one of the following mitigations
-
- Upgrade to Apache Commons FileUpload 1.3.1 or later once released
-
- Upgrade to Apache Tomcat 8.0.2 or later once released
-
- Upgrade to Apache Tomcat 7.0.51 or later once released
-
- Apply the appropriate patch
- Commons FileUpload: http://svn.apache.org/r1565143
- Tomcat 8: http://svn.apache.org/r1565163
- Tomcat 7: http://svn.apache.org/r1565169
-
- Limit the size of the Content-Type header to less than 4091 bytes
Credit:
This issue was reported to the Apache Software Foundation via JPCERT.
References:
[1] http://markmail.org/message/kpfl7ax4el2owb3o
[2] http://tomcat.apache.org/security-8.html
[3] http://tomcat.apache.org/security-7.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJS83P8AAoJEBDAHFovYFnnbOwP/0m80St7x63n6VCiR0aGuGLz
/J004spHfbc+vtg2RumObBTX6mSfvPgO2R4FzE17Etg8QtWreoxb7kjnVXUwjdMX
nb3Yt6IY1yBW1K+YcZRziOQXkRnnjnpC7Lh2o5eqpJ1S7wpXl5PBIXYSxMAsJCuv
axFA0aq5cc17uDAH1z6DPk4149oZz2lHdlBUTTkCh/0PrvcIFxwpej75gUfyaV0y
DGZLs3IpRYcJMS131q72DUt9wBsIqJN0mqUOq2svBS3mlXBcKDjy21b8QiEr8itK
UqwsYUtOZP4nZ4u8j6euxF2fC/ivm/930OGOl9pn2SbkoHJKm/4rz2GYDA9jq07K
XEDeGdTx3ZuDaTaBER8xquETRZ/Rb8dbBxQwzmo6doJNOjsMQFlR+1F+p56AhYd0
klbT6Q7i/Ic3BdRJkUpaYshhtXeAOnH+0u9j4kRXMgJbkMgOacopomFX6HoXr9/i
RHGbwwSZViLooR88Yg0FU2230+9mJLXxaJ6usHrtq4dS9ElSV320OCyisNjMX5hi
5SFYMSy+z0nsK2O6yCzlukztoFhvaNecvy3I8w5EKytweyFlPzxXn6QpQjG+ffb5
ql7TZRrApiaewp4crzBcZSAjDzRNiQpcI2xTTN/H9u/yk8lrhOULi4pljKCudvmM
eIWblFdpoPVl0iqvsXA9
=uzLf
-----END PGP SIGNATURE-----
Related
