FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Apache Commons FileUpload -- denial of service

Affected packages
0 <= tomcat
tomcat7 < 7.0.70
tomcat8 < 8.0.36
apache-struts <= 2.5.2

Details

VuXML ID: 61b8c359-4aab-11e6-a7bd-14dae9d210b8
Discovery: 2016-06-21
Entry: 2016-07-15
Modified: 2017-03-18

Jochen Wiedmann reports:

A malicious client can send file upload requests that cause the HTTP server using the Apache Commons Fileupload library to become unresponsive, preventing the server from servicing other requests.

References

CVE Name: CVE-2016-3092
URL: http://jvn.jp/en/jp/JVN89379547/index.html
URL: http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E