{"id":"CVE-2014-0050","details":"MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.","aliases":["GHSA-xx68-jfcg-xmmf"],"modified":"2026-04-16T01:42:04.176754909Z","published":"2014-04-01T06:27:51Z","withdrawn":"2026-01-27T04:12:24.010624Z","related":["openSUSE-SU-2024:10262-1","openSUSE-SU-2024:10446-1","openSUSE-SU-2024:10620-1","openSUSE-SU-2024:13441-1"],"references":[{"type":"ADVISORY","url":"http://advisories.mageia.org/MGASA-2014-0110.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2014-0252.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2014-0253.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2014-0400.html"},{"type":"ADVISORY","url":"http://secunia.com/advisories/57915"},{"type":"ADVISORY","url":"http://secunia.com/advisories/58075"},{"type":"ADVISORY","url":"http://secunia.com/advisories/58976"},{"type":"ADVISORY","url":"http://secunia.com/advisories/59039"},{"type":"ADVISORY","url":"http://secunia.com/advisories/59041"},{"type":"ADVISORY","url":"http://secunia.com/advisories/59183"},{"type":"ADVISORY","url":"http://secunia.com/advisories/59184"},{"type":"ADVISORY","url":"http://secunia.com/advisories/59185"},{"type":"ADVISORY","url":"http://secunia.com/advisories/59187"},{"type":"ADVISORY","url":"http://secunia.com/advisories/59232"},{"type":"ADVISORY","url":"http://secunia.com/advisories/59399"},{"type":"ADVISORY","url":"http://secunia.com/advisories/59492"},{"type":"ADVISORY","url":"http://secunia.com/advisories/59500"},{"type":"ADVISORY","url":"http://secunia.com/advisories/59725"},{"type":"ADVISORY","url":"http://secunia.com/advisories/60475"},{"type":"ADVISORY","url":"http://secunia.com/advisories/60753"},{"type":"FIX","url":"http://tomcat.apache.org/security-7.html"},{"type":"FIX","url":"http://tomcat.apache.org/security-8.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2014/dsa-2856"},{"type":"ADVISORY","url":"http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2130-1"},{"type":"ADVISORY","url":"http://www.vmware.com/security/advisories/VMSA-2014-0007.html"},{"type":"ADVISORY","url":"http://www.vmware.com/security/advisories/VMSA-2014-0008.html"},{"type":"ADVISORY","url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202107-39"},{"type":"EVIDENCE","url":"http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html"},{"type":"FIX","url":"http://svn.apache.org/r1565143"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1062337"},{"type":"WEB","url":"http://jvn.jp/en/jp/JVN14876762/index.html"},{"type":"WEB","url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017"},{"type":"WEB","url":"http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907%40apache.org%3E"},{"type":"WEB","url":"http://marc.info/?l=bugtraq&m=143136844732487&w=2"},{"type":"WEB","url":"http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"type":"WEB","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21669554"},{"type":"WEB","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675432"},{"type":"WEB","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676091"},{"type":"WEB","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676092"},{"type":"WEB","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676401"},{"type":"WEB","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676403"},{"type":"WEB","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676405"},{"type":"WEB","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676410"},{"type":"WEB","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676656"},{"type":"WEB","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676853"},{"type":"WEB","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677691"},{"type":"WEB","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677724"},{"type":"WEB","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681214"},{"type":"WEB","url":"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html"},{"type":"WEB","url":"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html"},{"type":"WEB","url":"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html"},{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"},{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"},{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"},{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"},{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"},{"type":"WEB","url":"http://www.securityfocus.com/archive/1/532549/100/0/threaded"},{"type":"WEB","url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"type":"WEB","url":"http://www.securityfocus.com/bid/65400"},{"type":"WEB","url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755"},{"type":"WEB","url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"},{"type":"WEB","url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"}],"schema_version":"1.7.3"}