Denial of Service via Crafted Content-Type Header in MultipartStream.java

Denial of Service via Crafted Content-Type Header in MultipartStream.java

CVE-2014-0050 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

Learn more about our Cis Benchmark Audit For Apache Http Server.