fkie_cve-2014-0050
Vulnerability from fkie_nvd
Published
2014-04-01 06:27
Modified
2025-04-12 10:46
Severity ?
Summary
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
References
secalert@redhat.comhttp://advisories.mageia.org/MGASA-2014-0110.html
secalert@redhat.comhttp://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.htmlExploit
secalert@redhat.comhttp://jvn.jp/en/jp/JVN14876762/index.html
secalert@redhat.comhttp://jvndb.jvn.jp/jvndb/JVNDB-2014-000017
secalert@redhat.comhttp://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907%40apache.org%3E
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=143136844732487&w=2
secalert@redhat.comhttp://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2014-0252.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2014-0253.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2014-0400.html
secalert@redhat.comhttp://seclists.org/fulldisclosure/2014/Dec/23
secalert@redhat.comhttp://secunia.com/advisories/57915
secalert@redhat.comhttp://secunia.com/advisories/58075
secalert@redhat.comhttp://secunia.com/advisories/58976
secalert@redhat.comhttp://secunia.com/advisories/59039
secalert@redhat.comhttp://secunia.com/advisories/59041
secalert@redhat.comhttp://secunia.com/advisories/59183
secalert@redhat.comhttp://secunia.com/advisories/59184
secalert@redhat.comhttp://secunia.com/advisories/59185
secalert@redhat.comhttp://secunia.com/advisories/59187
secalert@redhat.comhttp://secunia.com/advisories/59232
secalert@redhat.comhttp://secunia.com/advisories/59399
secalert@redhat.comhttp://secunia.com/advisories/59492
secalert@redhat.comhttp://secunia.com/advisories/59500
secalert@redhat.comhttp://secunia.com/advisories/59725
secalert@redhat.comhttp://secunia.com/advisories/60475
secalert@redhat.comhttp://secunia.com/advisories/60753
secalert@redhat.comhttp://svn.apache.org/r1565143Patch
secalert@redhat.comhttp://tomcat.apache.org/security-7.htmlPatch, Vendor Advisory
secalert@redhat.comhttp://tomcat.apache.org/security-8.htmlPatch, Vendor Advisory
secalert@redhat.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21669554
secalert@redhat.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21675432
secalert@redhat.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21676091
secalert@redhat.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21676092
secalert@redhat.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21676401
secalert@redhat.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21676403
secalert@redhat.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21676405
secalert@redhat.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21676410
secalert@redhat.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21676656
secalert@redhat.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21676853
secalert@redhat.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21677691
secalert@redhat.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21677724
secalert@redhat.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21681214
secalert@redhat.comhttp://www.debian.org/security/2014/dsa-2856
secalert@redhat.comhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html
secalert@redhat.comhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html
secalert@redhat.comhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html
secalert@redhat.comhttp://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:084
secalert@redhat.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
secalert@redhat.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
secalert@redhat.comhttp://www.securityfocus.com/archive/1/532549/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/archive/1/534161/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/bid/65400
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2130-1
secalert@redhat.comhttp://www.vmware.com/security/advisories/VMSA-2014-0007.html
secalert@redhat.comhttp://www.vmware.com/security/advisories/VMSA-2014-0008.html
secalert@redhat.comhttp://www.vmware.com/security/advisories/VMSA-2014-0012.html
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1062337
secalert@redhat.comhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
secalert@redhat.comhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
secalert@redhat.comhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
secalert@redhat.comhttps://security.gentoo.org/glsa/202107-39
af854a3a-2127-422b-91ae-364da2661108http://advisories.mageia.org/MGASA-2014-0110.html
af854a3a-2127-422b-91ae-364da2661108http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://jvn.jp/en/jp/JVN14876762/index.html
af854a3a-2127-422b-91ae-364da2661108http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017
af854a3a-2127-422b-91ae-364da2661108http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907%40apache.org%3E
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=143136844732487&w=2
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-0252.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-0253.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-0400.html
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2014/Dec/23
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/57915
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/58075
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/58976
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59039
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59041
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59183
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59184
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59185
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59187
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59232
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59399
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59492
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59500
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59725
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/60475
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/60753
af854a3a-2127-422b-91ae-364da2661108http://svn.apache.org/r1565143Patch
af854a3a-2127-422b-91ae-364da2661108http://tomcat.apache.org/security-7.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tomcat.apache.org/security-8.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21669554
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21675432
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21676091
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21676092
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21676401
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21676403
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21676405
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21676410
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21676656
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21676853
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21677691
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21677724
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21681214
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-2856
af854a3a-2127-422b-91ae-364da2661108http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html
af854a3a-2127-422b-91ae-364da2661108http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html
af854a3a-2127-422b-91ae-364da2661108http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html
af854a3a-2127-422b-91ae-364da2661108http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/532549/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/534161/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/65400
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2130-1
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2014-0007.html
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2014-0008.html
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2014-0012.html
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1062337
af854a3a-2127-422b-91ae-364da2661108https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
af854a3a-2127-422b-91ae-364da2661108https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
af854a3a-2127-422b-91ae-364da2661108https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202107-39
Impacted products
Vendor Product Version
oracle retail_applications 12.0
oracle retail_applications 12.0in
oracle retail_applications 13.0
oracle retail_applications 13.1
oracle retail_applications 13.2
oracle retail_applications 13.3
oracle retail_applications 13.4
oracle retail_applications 14.0
apache commons_fileupload *
apache commons_fileupload 1.0
apache commons_fileupload 1.1
apache commons_fileupload 1.1.1
apache commons_fileupload 1.2
apache commons_fileupload 1.2.1
apache commons_fileupload 1.2.2
apache tomcat 7.0.0
apache tomcat 7.0.0
apache tomcat 7.0.1
apache tomcat 7.0.2
apache tomcat 7.0.2
apache tomcat 7.0.3
apache tomcat 7.0.4
apache tomcat 7.0.4
apache tomcat 7.0.5
apache tomcat 7.0.6
apache tomcat 7.0.7
apache tomcat 7.0.8
apache tomcat 7.0.9
apache tomcat 7.0.10
apache tomcat 7.0.11
apache tomcat 7.0.12
apache tomcat 7.0.13
apache tomcat 7.0.14
apache tomcat 7.0.15
apache tomcat 7.0.16
apache tomcat 7.0.17
apache tomcat 7.0.18
apache tomcat 7.0.19
apache tomcat 7.0.20
apache tomcat 7.0.21
apache tomcat 7.0.22
apache tomcat 7.0.23
apache tomcat 7.0.24
apache tomcat 7.0.25
apache tomcat 7.0.26
apache tomcat 7.0.27
apache tomcat 7.0.28
apache tomcat 7.0.29
apache tomcat 7.0.30
apache tomcat 7.0.31
apache tomcat 7.0.32
apache tomcat 7.0.33
apache tomcat 7.0.34
apache tomcat 7.0.35
apache tomcat 7.0.36
apache tomcat 7.0.37
apache tomcat 7.0.38
apache tomcat 7.0.39
apache tomcat 7.0.40
apache tomcat 7.0.41
apache tomcat 7.0.42
apache tomcat 7.0.43
apache tomcat 7.0.44
apache tomcat 7.0.45
apache tomcat 7.0.46
apache tomcat 7.0.47
apache tomcat 7.0.48
apache tomcat 7.0.49
apache tomcat 7.0.50
apache tomcat 8.0.0
apache tomcat 8.0.0
apache tomcat 8.0.0
apache tomcat 8.0.0
apache tomcat 8.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:retail_applications:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2141D8D6-1899-49A2-85C7-4E1ACA411663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_applications:12.0in:*:*:*:*:*:*:*",
              "matchCriteriaId": "98176890-C14E-4E0F-878D-8B7CDDF36389",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_applications:13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31C4B61-0A82-4ADC-8DE3-E291B06694AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_applications:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DDCBCD1-583C-4039-AFA3-0136F9E8F46D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_applications:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5D95173-F331-4886-A312-2122B74A28FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_applications:13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6953917-DD9F-40DE-A9B2-0D3464F7864B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_applications:13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "88BDD825-2CC8-4164-A895-5AC00F122F4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_applications:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D1D695F-15EF-4CDE-98C4-91E9D3D5188A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD5CFCD3-1E1E-4A9E-B0D8-1DA505BC426A",
              "versionEndIncluding": "1.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:commons_fileupload:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F15B6651-DC03-4403-BA24-847509A818C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:commons_fileupload:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7E0CBD8-A3CA-46D2-92ED-FBD3E0B34984",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:commons_fileupload:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EAAFFAF-4570-4520-A204-03CA6B25CEA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:commons_fileupload:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9419F6EC-7A3D-483E-8331-8BAC8546F294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:commons_fileupload:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17C5F883-306F-4CEE-A56F-5B697962AB2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:commons_fileupload:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6318E461-47A6-40F5-ACB6-A5B7DD19CCA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F8C62EF-1B67-456A-9C66-755439CF8556",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "33E9607B-4D28-460D-896B-E4B7FA22441E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A819E245-D641-4F19-9139-6C940504F6E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C381275-10C5-4939-BCE3-0D1F3B3CB2EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*",
              "matchCriteriaId": "81A31CA0-A209-4C49-AA06-C38E165E5B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7205475A-6D04-4042-B24E-1DA5A57029B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "08022987-B36B-4F63-88A5-A8F59195DF4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*",
              "matchCriteriaId": "0AA563BF-A67A-477D-956A-167ABEF885C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF4B7557-EF35-451E-B55D-3296966695AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8980E61E-27BE-4858-82B3-C0E8128AF521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8756BF9B-3E24-4677-87AE-31CE776541F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "88CE057E-2092-4C98-8D0C-75CF439D0A9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F194580-EE6D-4E38-87F3-F0661262256B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9731BAA-4C6C-4259-B786-F577D8A90FA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F74A421-D019-4248-84B8-C70D4D9A8A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BA27FF9-4C66-4E17-95C0-1CB2DAA6AFC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "05346F5A-FB52-4376-AAC7-9A5308216545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "305688F2-50A6-41FB-8614-BC589DB9A789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "D24AA431-C436-4AA5-85DF-B9AAFF2548FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "25966344-15D5-4101-9346-B06BFD2DFFF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "11F4CBAC-27B1-4EFF-955A-A63B457D0578",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD55B338-9DBE-4643-ABED-A08964D3AF7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D4F710E-06EA-48F4-AC6A-6F143950F015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C4936C2-0B2D-4C44-98C3-443090965F5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "48453405-2319-4327-9F4C-6F70B49452C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "49DD9544-6424-41A6-AEC0-EC19B8A10E71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4670E65-2E11-49A4-B661-57C2F60D411F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E8FF71D-4710-4FBB-9925-A6A26C450F7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "31002A23-4788-4BC7-AE11-A3C2AA31716D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "7144EDDF-8265-4642-8EEB-ED52527E0A26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF06B5C1-B9DD-4673-A101-56E1E593ACDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D731065-626B-4425-8E49-F708DD457824",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3D850EA-E537-42C8-93B9-96E15CB26747",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "E037DA05-2BEF-4F64-B8BB-307247B6A05C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCAF1EB5-FB34-40FC-96ED-9D073890D8BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "D395D95B-1F4A-420E-A0F6-609360AF7B69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BD221BA-0AB6-4972-8AD9-5D37AC07762F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "E55B6565-96CB-4F6A-9A80-C3FB82F30546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3300AFE-49A4-4904-B9A0-5679F09FA01E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED5125CC-05F9-4678-90DB-A5C7CD24AE6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BD93669-1B30-4BF8-AD7D-F60DD8D63CC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B904C74-B92E-4EAE-AE6C-78E2B844C3DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8C8C97F-6C9D-4647-AB8A-ADAA5536DDE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C6109D1-BC36-40C5-A02A-7AEBC949BAC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA8A7333-B4C3-4876-AE01-62F2FD315504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "92993E23-D805-407B-8B87-11CEEE8B212F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A11BD74-305C-41E2-95B1-5008EEF5FA5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "595442D0-9DB7-475A-AE30-8535B70E122E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B0BA92A-0BD3-4CE4-9465-95E949104BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F944B72-B9EB-4EB8-AEA3-E0D7ADBE1305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AA28D3A-3EE5-4F90-B8F5-4943F7607DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFD3EB84-2ED2-49D4-8BC9-6398C2E46F0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEDF6E1A-0DD6-42AB-9510-F6F4B6002C91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "C947E549-2459-4AFB-84A7-36BDA30B5F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "4752862B-7D26-4285-B8A0-CF082C758353",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*",
              "matchCriteriaId": "58EA7199-3373-4F97-9907-3A479A02155E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4693BD36-E522-4C8E-9667-8F3E14A05EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "2BBBC5EA-012C-4C5D-A61B-BAF134B300DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A358FDF-C249-4D7A-9445-8B9E7D9D40AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop\u0027s intended exit conditions."
    },
    {
      "lang": "es",
      "value": "MultipartStream.java en Apache Commons FileUpload anterior a 1.3.1, utilizado en Apache Tomcat, JBoss Web y otros productos, permite a atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito y consumo de CPU) a trav\u00e9s de una cabecera Content-Type manipulada que evade las condiciones de salida del bucle."
    }
  ],
  "evaluatorComment": "The previous CVSS assessment ( Base Score: 5.0 -  AV:N/AC:L/AU:N/C:N/I:N/A:P) was provided at the time of initial analysis based on the best available published information at that time.  The score has been updated to reflect the impact to Oracle products per \u003ca href=http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\u003e Oracle Critical Patch Update Advisory - October 2015 \u003c/a\u003e. Other products listed as vulnerable may or may not be similarly impacted.",
  "id": "CVE-2014-0050",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-04-01T06:27:51.373",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://advisories.mageia.org/MGASA-2014-0110.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://jvn.jp/en/jp/JVN14876762/index.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907%40apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=143136844732487\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0252.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0253.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0400.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/57915"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/58075"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/58976"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59039"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59041"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59183"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59184"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59185"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59187"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59232"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59399"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59492"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59500"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59725"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/60475"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/60753"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.apache.org/r1565143"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-7.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-8.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675432"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676401"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676403"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676405"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676410"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676656"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676853"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677691"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677724"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681214"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2014/dsa-2856"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/532549/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/65400"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2130-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2014-0007.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062337"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.gentoo.org/glsa/202107-39"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2014-0110.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN14876762/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907%40apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=143136844732487\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0252.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0253.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0400.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/57915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/58075"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/58976"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59039"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59041"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59184"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59185"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59232"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59399"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59492"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59500"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59725"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60475"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60753"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.apache.org/r1565143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-7.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-8.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675432"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676401"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676403"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676405"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676410"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676656"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676853"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677691"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681214"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-2856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/532549/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/65400"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2130-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2014-0007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062337"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202107-39"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.