CVE-2014-0050 in Oracle Communications Policy Managementinfo

Summary

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

Reservation

12/03/2013

Disclosure

04/01/2014

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
92912Oracle Communications Policy Management Tomcat access control264AttackedOfficial fixCVE-2014-0050
80534Oracle Communications Service Broker Engineered System Edition access control264AttackedOfficial fixCVE-2014-0050
80533Oracle Communications Service Broker access control264AttackedOfficial fixCVE-2014-0050
80532Oracle Communications Online Mediation Controller access control264AttackedOfficial fixCVE-2014-0050
80531Oracle Communications Converged Application Server - Service Controller access control264AttackedOfficial fixCVE-2014-0050
78630Oracle Retail Returns Management: access control264AttackedOfficial fixCVE-2014-0050
78629Oracle Retail Central Office access control264AttackedOfficial fixCVE-2014-0050
78628Oracle Retail Back Office access control264AttackedOfficial fixCVE-2014-0050
74886Oracle WebCenter Sites MultipartStream.java access control264AttackedOfficial fixCVE-2014-0050
67916Oracle Health Sciences Empirica Study Tomcat File Upload access control264AttackedOfficial fixCVE-2014-0050
67915Oracle Health Sciences Empirica Signal Tomcat File Upload access control264AttackedOfficial fixCVE-2014-0050
67914Oracle Health Sciences Empirica Inspections Tomcat File Upload access control264AttackedOfficial fixCVE-2014-0050
67876Oracle Endeca Information Discovery Studio access control264AttackedOfficial fixCVE-2014-0050
67844Oracle Database Application Express access control264AttackedOfficial fixCVE-2014-0050
12209Apache Commons FileUpload Content-Type Header for Multi-Part Request MultipartStream.java access control264AttackedOfficial fixCVE-2014-0050

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!