MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loops intended exit conditions.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Retail_applications | Oracle | 12.0 (including) | 12.0 (including) |
| Retail_applications | Oracle | 12.0in (including) | 12.0in (including) |
| Retail_applications | Oracle | 13.0 (including) | 13.0 (including) |
| Retail_applications | Oracle | 13.1 (including) | 13.1 (including) |
| Retail_applications | Oracle | 13.2 (including) | 13.2 (including) |
| Retail_applications | Oracle | 13.3 (including) | 13.3 (including) |
| Retail_applications | Oracle | 13.4 (including) | 13.4 (including) |
| Retail_applications | Oracle | 14.0 (including) | 14.0 (including) |