CVE-2016-3092

7.5 HIGH

Published: July 04, 2016 Modified: May 06, 2026

Description

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://jvn.jp/en/jp/JVN89379547/index.html

Source: secalert@redhat.com

Vendor Advisory

http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121

Source: secalert@redhat.com

VDB Entry Vendor Advisory

http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html

Source: secalert@redhat.com

http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E

Source: secalert@redhat.com

Mailing List

http://rhn.redhat.com/errata/RHSA-2016-2068.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-2069.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-2070.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-2071.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-2072.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-2599.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-2807.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-2808.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2017-0457.html

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1743480

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1743722

Source: secalert@redhat.com

Vendor Advisory

http://svn.apache.org/viewvc?view=revision&revision=1743738

Source: secalert@redhat.com

Vendor Advisory

http://svn.apache.org/viewvc?view=revision&revision=1743742

Source: secalert@redhat.com

Vendor Advisory

http://tomcat.apache.org/security-7.html

Source: secalert@redhat.com

Vendor Advisory

http://tomcat.apache.org/security-8.html

Source: secalert@redhat.com

Vendor Advisory

http://tomcat.apache.org/security-9.html

Source: secalert@redhat.com

Vendor Advisory

http://www.debian.org/security/2016/dsa-3609

Source: secalert@redhat.com

Third Party Advisory

http://www.debian.org/security/2016/dsa-3611

Source: secalert@redhat.com

Third Party Advisory

http://www.debian.org/security/2016/dsa-3614

Source: secalert@redhat.com

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/91453

Source: secalert@redhat.com

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1036427

Source: secalert@redhat.com

http://www.securitytracker.com/id/1036900

Source: secalert@redhat.com

http://www.securitytracker.com/id/1037029

Source: secalert@redhat.com

http://www.securitytracker.com/id/1039606

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-3024-1

Source: secalert@redhat.com

Third Party Advisory

http://www.ubuntu.com/usn/USN-3027-1

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:0455

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2017:0456

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1349468

Source: secalert@redhat.com

Issue Tracking

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371

Source: secalert@redhat.com

Patch Permissions Required Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840

Source: secalert@redhat.com

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759

Source: secalert@redhat.com

https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201705-09

Source: secalert@redhat.com

https://security.gentoo.org/glsa/202107-39

Source: secalert@redhat.com

https://security.netapp.com/advisory/ntap-20190212-0001/

Source: secalert@redhat.com

https://www.oracle.com/security-alerts/cpuapr2020.html

Source: secalert@redhat.com

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Source: secalert@redhat.com

http://jvn.jp/en/jp/JVN89379547/index.html