CVE Vulnerabilities

CVE-2014-0050

Published: Apr 01, 2014 | Modified: Nov 07, 2023
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)
RedHat/V2: 5 MODERATE (AV:N/AC:L/Au:N/C:N/I:N/A:P)
RedHat/V3
Ubuntu: MEDIUM

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

Affected Software

Name Vendor Start Version End Version
Retail_applications Oracle 12.0 (including) 12.0 (including)
Retail_applications Oracle 12.0in (including) 12.0in (including)
Retail_applications Oracle 13.0 (including) 13.0 (including)
Retail_applications Oracle 13.1 (including) 13.1 (including)
Retail_applications Oracle 13.2 (including) 13.2 (including)
Retail_applications Oracle 13.3 (including) 13.3 (including)
Retail_applications Oracle 13.4 (including) 13.4 (including)
Retail_applications Oracle 14.0 (including) 14.0 (including)
Fuse ESB Enterprise 7.1.0 RedHat *
Fuse Management Console 7.1.0 RedHat *
Fuse MQ Enterprise 7.1.0 RedHat *
Red Hat Enterprise Linux 6 RedHat tomcat6-0:6.0.24-64.el6_5 *
Red Hat JBoss A-MQ 6.1 RedHat *
Red Hat JBoss BPMS 6.0 RedHat jbossweb *
Red Hat JBoss BRMS 6.0 RedHat jbossweb *
Red Hat JBoss Enterprise Application Platform 6.2 RedHat jbossweb *
Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5 RedHat jbossweb-0:7.3.0-2.Final_redhat_2.1.ep6.el5 *
Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6 RedHat jbossweb-0:7.3.0-2.Final_redhat_2.1.ep6.el6 *
Red Hat JBoss Enterprise Web Server 2 for RHEL 5 RedHat tomcat6-0:6.0.37-19_patch_04.ep6.el5 *
Red Hat JBoss Enterprise Web Server 2 for RHEL 5 RedHat tomcat7-0:7.0.40-13_patch_02.ep6.el5 *
Red Hat JBoss Enterprise Web Server 2 for RHEL 6 RedHat tomcat6-0:6.0.37-27_patch_04.ep6.el6 *
Red Hat JBoss Enterprise Web Server 2 for RHEL 6 RedHat tomcat7-0:7.0.40-9_patch_02.ep6.el6 *
Red Hat JBoss Fuse 6.1 RedHat *
Red Hat JBoss Fuse Service Works 6.0 RedHat jbossweb *
Red Hat JBoss Operations Network 3.2 RedHat *
Red Hat JBoss Portal 6.2 RedHat jbossweb *
Red Hat JBoss Web Server 2.0 RedHat tomcat7 *
Red Hat JBoss Web Server 2.0 RedHat tomcat6 *
Libcommons-fileupload-java Ubuntu lucid *
Libcommons-fileupload-java Ubuntu precise *
Libcommons-fileupload-java Ubuntu quantal *
Libcommons-fileupload-java Ubuntu saucy *
Libcommons-fileupload-java Ubuntu trusty *
Libcommons-fileupload-java Ubuntu upstream *
Libcommons-fileupload-java Ubuntu utopic *
Tomcat7 Ubuntu precise *
Tomcat7 Ubuntu quantal *
Tomcat7 Ubuntu saucy *
Tomcat7 Ubuntu upstream *
