You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@myfaces.apache.org by "Hudson (JIRA)" <de...@myfaces.apache.org> on 2014/05/02 19:17:45 UTC
[jira] [Commented] (TOBAGO-1364) CVE-2014-0050 Apache Commons
FileUpload DoS
[ https://issues.apache.org/jira/browse/TOBAGO-1364?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13987956#comment-13987956 ]
Hudson commented on TOBAGO-1364:
--------------------------------
FAILURE: Integrated in tobago-trunk #1173 (See [https://builds.apache.org/job/tobago-trunk/1173/])
TOBAGO-1364: CVE-2014-0050 Apache Commons FileUpload DoS (lofwyr: http://svn.apache.org/viewvc/?view=rev&rev=1566686)
* /myfaces/tobago/trunk/pom.xml
> CVE-2014-0050 Apache Commons FileUpload DoS
> -------------------------------------------
>
> Key: TOBAGO-1364
> URL: https://issues.apache.org/jira/browse/TOBAGO-1364
> Project: MyFaces Tobago
> Issue Type: Bug
> Components: Core
> Affects Versions: 1.0.40, 2.0.0-alpha-3, 1.5.12
> Reporter: Dennis Kieselhorst
> Assignee: Udo Schnurpfeil
> Priority: Critical
> Fix For: 1.0.41, 1.5.13, 2.0.0-beta-1, 2.0.0
>
> Attachments: TOBAGO-1364.patch
>
>
> Specially crafted input can trigger a DoS if the buffer used by the MultipartStream is not big enough. The commons-fileupload dependency must be updated to 1.3.1 to fix this.
> - -------- Original-Nachricht --------
> Betreff: [SECURITY] CVE-2014-0050 Apache Commons FileUpload and
> Apache Tomcat DoS
> Datum: Thu, 06 Feb 2014 11:37:32 +0000
> Von: Mark Thomas <ma...@apache.org>
> An: Commons Users List <us...@commons.apache.org>, Tomcat Users List
> <us...@tomcat.apache.org>
> Kopie (CC): Commons Developers List <de...@commons.apache.org>, Tomcat
> Developers List <de...@tomcat.apache.org>,
> full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com,
> announce@apache.org, announce@tomcat.apache.org
> CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS
> Severity: Important
> Vendor: The Apache Software Foundation
> Versions Affected:
> - - Commons FileUpload 1.0 to 1.3
> - - Apache Tomcat 8.0.0-RC1 to 8.0.1
> - - Apache Tomcat 7.0.0 to 7.0.50
> - - Apache Tomcat 6 and earlier are not affected
> Apache Tomcat 7 and Apache Tomcat 8 use a packaged renamed copy of
> Apache Commons FileUpload to implement the requirement of the Servlet
> 3.0 and later specifications to support the processing of
> mime-multipart requests. Tomcat 7 and 8 are therefore affected by this
> issue. While Tomcat 6 uses Commons FileUpload as part of the Manager
> application, access to that functionality is limited to authenticated
> administrators.
> Description:
> It is possible to craft a malformed Content-Type header for a
> multipart request that causes Apache Commons FileUpload to enter an
> infinite loop. A malicious user could, therefore, craft a malformed
> request that triggered a denial of service.
> This issue was reported responsibly to the Apache Software Foundation
> via JPCERT but an error in addressing an e-mail led to the unintended
> early disclosure of this issue[1].
> Mitigation:
> Users of affected versions should apply one of the following mitigations
> - - Upgrade to Apache Commons FileUpload 1.3.1 or later once released
> - - Upgrade to Apache Tomcat 8.0.2 or later once released
> - - Upgrade to Apache Tomcat 7.0.51 or later once released
> - - Apply the appropriate patch
> - Commons FileUpload: http://svn.apache.org/r1565143
> - Tomcat 8: http://svn.apache.org/r1565163
> - Tomcat 7: http://svn.apache.org/r1565169
> - - Limit the size of the Content-Type header to less than 4091 bytes
> Credit:
> This issue was reported to the Apache Software Foundation via JPCERT.
> References:
> [1] http://markmail.org/message/kpfl7ax4el2owb3o
> [2] http://tomcat.apache.org/security-8.html
> [3] http://tomcat.apache.org/security-7.html
--
This message was sent by Atlassian JIRA
(v6.2#6252)