CVE-2016-3092

critical-risk
Published 2016-07-04

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

Do I need to act?

!
33.9% chance of exploitation in next 30 days
EPSS score — higher than 66% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

Affected Vendors

Apache Debian Canonical Hp

References (98)

Vendor Advisory http://jvn.jp/en/jp/JVN89379547/index.html
VDB Entry http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121
http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html
Mailing List http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq...
http://rhn.redhat.com/errata/RHSA-2016-2068.html
http://rhn.redhat.com/errata/RHSA-2016-2069.html
http://rhn.redhat.com/errata/RHSA-2016-2070.html
http://rhn.redhat.com/errata/RHSA-2016-2071.html
http://rhn.redhat.com/errata/RHSA-2016-2072.html
http://rhn.redhat.com/errata/RHSA-2016-2599.html
http://rhn.redhat.com/errata/RHSA-2016-2807.html
http://rhn.redhat.com/errata/RHSA-2016-2808.html
http://rhn.redhat.com/errata/RHSA-2017-0457.html
http://svn.apache.org/viewvc?view=revision&revision=1743480
Vendor Advisory http://svn.apache.org/viewvc?view=revision&revision=1743722
Vendor Advisory http://svn.apache.org/viewvc?view=revision&revision=1743738
Vendor Advisory http://svn.apache.org/viewvc?view=revision&revision=1743742
Vendor Advisory http://tomcat.apache.org/security-7.html
Vendor Advisory http://tomcat.apache.org/security-8.html
Vendor Advisory http://tomcat.apache.org/security-9.html
and 78 more references
72
/ 100
critical-risk
Severity 26/34 · High
Exploitability 16/34 · Moderate
Exposure 30/34 · Critical