myfaces-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <...@myfaces.apache.org>
Subject [jira] [Commented] (TOBAGO-1364) CVE-2014-0050 Apache Commons FileUpload DoS
Date Thu, 13 Mar 2014 02:43:50 GMT

    [ https://issues.apache.org/jira/browse/TOBAGO-1364?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13932809#comment-13932809
] 

Hudson commented on TOBAGO-1364:
--------------------------------

FAILURE: Integrated in tobago-1.0.x #757 (See [https://builds.apache.org/job/tobago-1.0.x/757/])
TOBAGO-1364: CVE-2014-0050 Apache Commons FileUpload DoS (lofwyr: http://svn.apache.org/viewvc/?view=rev&rev=1576307)
* /myfaces/tobago/branches/tobago-1.0.x/pom.xml


> CVE-2014-0050 Apache Commons FileUpload DoS
> -------------------------------------------
>
>                 Key: TOBAGO-1364
>                 URL: https://issues.apache.org/jira/browse/TOBAGO-1364
>             Project: MyFaces Tobago
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 1.0.40, 2.0.0-alpha-3, 1.5.12
>            Reporter: Dennis Kieselhorst
>            Assignee: Udo Schnurpfeil
>            Priority: Critical
>             Fix For: 1.0.41, 1.5.13, 2.0.0-beta-1, 2.0.0
>
>         Attachments: TOBAGO-1364.patch
>
>
> Specially crafted input can trigger a DoS if the buffer used by the MultipartStream is
not big enough. The commons-fileupload dependency must be updated to 1.3.1 to fix this.
> - -------- Original-Nachricht --------
> Betreff:     [SECURITY] CVE-2014-0050 Apache Commons FileUpload and
> Apache Tomcat DoS
> Datum:     Thu, 06 Feb 2014 11:37:32 +0000
> Von:     Mark Thomas <markt@apache.org>
> An:     Commons Users List <user@commons.apache.org>, Tomcat Users List
> <users@tomcat.apache.org>
> Kopie (CC):     Commons Developers List <dev@commons.apache.org>, Tomcat
> Developers List <dev@tomcat.apache.org>,
> full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com,
> announce@apache.org, announce@tomcat.apache.org
> CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS
> Severity: Important
> Vendor: The Apache Software Foundation
> Versions Affected:
> - - Commons FileUpload 1.0 to 1.3
> - - Apache Tomcat 8.0.0-RC1 to 8.0.1
> - - Apache Tomcat 7.0.0 to 7.0.50
> - - Apache Tomcat 6 and earlier are not affected
> Apache Tomcat 7 and Apache Tomcat 8 use a packaged renamed copy of
> Apache Commons FileUpload to implement the requirement of the Servlet
> 3.0 and later specifications to support the processing of
> mime-multipart requests. Tomcat 7 and 8 are therefore affected by this
> issue. While Tomcat 6 uses Commons FileUpload as part of the Manager
> application, access to that functionality is limited to authenticated
> administrators.
> Description:
> It is possible to craft a malformed Content-Type header for a
> multipart request that causes Apache Commons FileUpload to enter an
> infinite loop. A malicious user could, therefore, craft a malformed
> request that triggered a denial of service.
> This issue was reported responsibly to the Apache Software Foundation
> via JPCERT but an error in addressing an e-mail led to the unintended
> early disclosure of this issue[1].
> Mitigation:
> Users of affected versions should apply one of the following mitigations
> - - Upgrade to Apache Commons FileUpload 1.3.1 or later once released
> - - Upgrade to Apache Tomcat 8.0.2 or later once released
> - - Upgrade to Apache Tomcat 7.0.51 or later once released
> - - Apply the appropriate patch
>   - Commons FileUpload: http://svn.apache.org/r1565143
>   - Tomcat 8: http://svn.apache.org/r1565163
>   - Tomcat 7: http://svn.apache.org/r1565169
> - - Limit the size of the Content-Type header to less than 4091 bytes
> Credit:
> This issue was reported to the Apache Software Foundation via JPCERT.
> References:
> [1] http://markmail.org/message/kpfl7ax4el2owb3o
> [2] http://tomcat.apache.org/security-8.html
> [3] http://tomcat.apache.org/security-7.html



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message