CVE-2014-0050

Severity

75%

Complexity

99%

Confidentiality

106%

Other products listed as vulnerable may or may not be similarly impacted. Oracle Critical Patch Update Advisory - October 2015

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 10 years ago

2014-04-01 06:27:00

Last updated 6 years ago

2018-10-09 19:35:00

Affected Software

Oracle Retail Applications 12.0

12.0

Oracle Retail Applications 12.0IN

12.0in

Oracle Retail Applications 13.0

13.0

Oracle Retail Applications 13.1

13.1

Oracle Retail Applications 13.2

13.2

Oracle Retail Applications 13.3

13.3

Oracle Retail Applications 13.4

13.4

Oracle Retail Applications 14.0

14.0

Apache Software Foundation Commons FileUpload 1.0

1.0

Apache Software Foundation Commons FileUpload 1.1

1.1

Apache Software Foundation Commons FileUpload 1.1.1

1.1.1

Apache Software Foundation Commons FileUpload 1.2

1.2

Apache Software Foundation Commons FileUpload 1.2.1

1.2.1

Apache Software Foundation Commons FileUpload 1.2.2

1.2.2

Apache Software Foundation Tomcat 7.0.0

7.0.0

Apache Software Foundation Tomcat 7.0.0 beta

7.0.0

Apache Software Foundation Tomcat 7.0.1

7.0.1

Apache Software Foundation Tomcat 7.0.2

7.0.2

Apache Software Foundation Tomcat 7.0.2 beta

7.0.2

Apache Software Foundation Tomcat 7.0.3

7.0.3

Apache Software Foundation Tomcat 7.0.4

7.0.4

Apache Software Foundation Tomcat 7.0.4 beta

7.0.4

Apache Software Foundation Tomcat 7.0.5

7.0.5

Apache Software Foundation Tomcat 7.0.6

7.0.6

Apache Software Foundation Tomcat 7.0.7

7.0.7

Apache Software Foundation Tomcat 7.0.8

7.0.8

Apache Software Foundation Tomcat 7.0.9

7.0.9

Apache Software Foundation Tomcat 7.0.10

7.0.10

Apache Software Foundation Tomcat 7.0.11

7.0.11

Apache Software Foundation Tomcat 7.0.12

7.0.12

Apache Software Foundation Tomcat 7.0.13

7.0.13

Apache Software Foundation Tomcat 7.0.14

7.0.14

Apache Software Foundation Tomcat 7.0.15

7.0.15

Apache Software Foundation Tomcat 7.0.16

7.0.16

Apache Software Foundation Tomcat 7.0.17

7.0.17

Apache Software Foundation Tomcat 7.0.18

7.0.18

Apache Software Foundation Tomcat 7.0.19

7.0.19

Apache Software Foundation Tomcat 7.0.20

7.0.20

Apache Software Foundation Tomcat 7.0.21

7.0.21

Apache Software Foundation Tomcat 7.0.22

7.0.22

Apache Software Foundation Tomcat 7.0.23

7.0.23

Apache Software Foundation Tomcat 7.0.24

7.0.24

Apache Software Foundation Tomcat 7.0.25

7.0.25

Apache Software Foundation Tomcat 7.0.26

7.0.26

Apache Software Foundation Tomcat 7.0.27

7.0.27

Apache Software Foundation Tomcat 7.0.28

7.0.28

Apache Software Foundation Tomcat 7.0.29

7.0.29

Apache Software Foundation Tomcat 7.0.30

7.0.30

Apache Software Foundation Tomcat 7.0.31

7.0.31

Apache Software Foundation Tomcat 7.0.32

7.0.32

Apache Software Foundation Tomcat 7.0.33

7.0.33

Apache Software Foundation Tomcat 7.0.34

7.0.34

Apache Software Foundation Tomcat 7.0.35

7.0.35

Apache Software Foundation Tomcat 7.0.36

7.0.36

Apache Software Foundation Tomcat 7.0.37

7.0.37

Apache Software Foundation Tomcat 7.0.38

7.0.38

Apache Software Foundation Tomcat 7.0.39

7.0.39

Apache Software Foundation Tomcat 7.0.40

7.0.40

Apache Software Foundation Tomcat 7.0.41

7.0.41

Apache Software Foundation Tomcat 7.0.42

7.0.42

Apache Software Foundation Tomcat 7.0.43

7.0.43

Apache Software Foundation Tomcat 7.0.44

7.0.44

Apache Software Foundation Tomcat 7.0.45

7.0.45

Apache Software Foundation Tomcat 7.0.46

7.0.46

Apache Software Foundation Tomcat 7.0.47

7.0.47

Apache Software Foundation Tomcat 7.0.48

7.0.48

Apache Software Foundation Tomcat 7.0.49

7.0.49

Apache Software Foundation Tomcat 7.0.50

7.0.50

Apache Software Foundation Tomcat 8.0.0 Release Candidate 1

8.0.0

Apache Software Foundation Tomcat 8.0.0 release candidate 10

8.0.0

Apache Software Foundation Tomcat 8.0.0 Release Candidate 2

8.0.0

Apache Software Foundation Tomcat 8.0.0 release candidate 5

8.0.0

Apache Software Foundation Tomcat 8.0.1

8.0.1

References

http://advisories.mageia.org/MGASA-2014-0110.html

http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html

Exploit

JVN#14876762

JVNDB-2014-000017

[commons-dev] 20140206 [SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS

HPSBGN03329

http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html

RHSA-2014:0252

RHSA-2014:0253

RHSA-2014:0400

20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

57915

58075

58976

59039

59041

59183

59184

59185

59187

59232

59399

59492

59500

59725

60475

60753

http://svn.apache.org/r1565143

Patch

http://tomcat.apache.org/security-7.html

Patch, Vendor Advisory

http://tomcat.apache.org/security-8.html

Patch, Vendor Advisory

DSA-2856

http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html

http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html

http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm

MDVSA-2015:084

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

20140625 NEW VMSA-2014-0007 - VMware product updates address security vulnerabilities in Apache Struts library

20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

65400

USN-2130-1

http://www.vmware.com/security/advisories/VMSA-2014-0007.html

http://www.vmware.com/security/advisories/VMSA-2014-0008.html

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

http://www-01.ibm.com/support/docview.wss?uid=swg21669554

http://www-01.ibm.com/support/docview.wss?uid=swg21675432

http://www-01.ibm.com/support/docview.wss?uid=swg21676091

http://www-01.ibm.com/support/docview.wss?uid=swg21676092

http://www-01.ibm.com/support/docview.wss?uid=swg21676401

http://www-01.ibm.com/support/docview.wss?uid=swg21676403

http://www-01.ibm.com/support/docview.wss?uid=swg21676405

http://www-01.ibm.com/support/docview.wss?uid=swg21676410

http://www-01.ibm.com/support/docview.wss?uid=swg21676656

http://www-01.ibm.com/support/docview.wss?uid=swg21676853

http://www-01.ibm.com/support/docview.wss?uid=swg21677691

http://www-01.ibm.com/support/docview.wss?uid=swg21677724

http://www-01.ibm.com/support/docview.wss?uid=swg21681214

https://bugzilla.redhat.com/show_bug.cgi?id=1062337

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
