CVE-2014-0050
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.9271 (92.7%)
Percentile: 99.8%
EPSS: 2026-05-06
Affects
oracle:retail_applicationsapache:commons_fileuploadapache:tomcatTechnical description
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
Published: 4/1/2014, 6:27:51 AM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://advisories.mageia.org/MGASA-2014-0110.html
- http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html
- http://jvn.jp/en/jp/JVN14876762/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017
- http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907%40apache.org%3E
- http://marc.info/?l=bugtraq&m=143136844732487&w=2
- http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
- http://rhn.redhat.com/errata/RHSA-2014-0252.html