ICEfaces
  1. ICEfaces
  2. ICE-10023

Fix CVE-2014-0050 DoS with malformed Content-Type header and multipart request processing

    Details

    • Assignee Priority:
      P1

      Description

      ICEfaces FileEntry makes use of an embedded copy of commons-fileupload, so is vulnerable to the following:

      MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050

        Issue Links

          Activity

          Ted Goddard created issue -
          Ken Fyten made changes -
          Field Original Value New Value
          Assignee Mircea Toma [ mircea.toma ]
          Fix Version/s EE-3.3.0.GA_P02 [ 11371 ]
          Fix Version/s 4.0 [ 11382 ]
          Affects Version/s EE-3.3.0.GA [ 10572 ]
          Affects Version/s 3.3 [ 10370 ]
          Affects Version/s EE-3.3.0.GA_P01 [ 11174 ]
          Assignee Priority P1 [ 10010 ]
          Ken Fyten made changes -
          Summary Infinite loop caused by malformed Content-Type header Fix CVE-2014-0050 DoS with malformed Content-Type header and multipart request processing
          Ken Fyten made changes -
          Security Private [ 10001 ]
          Mircea Toma made changes -
          Status Open [ 1 ] Resolved [ 5 ]
          Resolution Fixed [ 1 ]
          Judy Guglielmin made changes -
          Link This issue blocks ICE-10355 [ ICE-10355 ]
          Ken Fyten made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          Arturo Zambrano made changes -
          Link This issue blocks ICE-11437 [ ICE-11437 ]

            People

            • Assignee:
              Mircea Toma
              Reporter:
              Ted Goddard
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: