ICEfaces / ICE-11437

Fix CVE-2016-3092: Specially crafted input can trigger a DoS if the size of the MIME boundary is close to the size of the buffer in MultipartStream

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.3, EE-3.3.0.GA_P06
    • Fix Version/s: EE-4.3.0.GA, EE-3.3.0.GA_P07
    • Component/s: ACE-Components
    • Labels:
      None
    • Environment:
      Any

      Description

      Some time ago we fixed another security issue in our Apache Commons FileUpload code, CVE-2014-0050, as per ICE-10023.

      There's another security issue, CVE-2016-3092, similar to the last one we fixed that we haven't fixed in our code. However, it is not clear whether our code has that vulnerability or not. So, we must investigate further and apply the fix if necessary or state why that fix is not necessary.

      http://commons.apache.org/proper/commons-fileupload/changes-report.html

            People

            • Assignee:
              Arturo Zambrano
              Reporter:
              Arturo Zambrano
            • Votes:
              0
              Watchers:
              1
