Details
-
Type: Task
-
Status: Closed
-
Priority: Major
-
Resolution: Fixed
-
Affects Version/s: 4.3, EE-3.3.0.GA_P06
-
Fix Version/s: EE-4.3.0.GA, EE-3.3.0.GA_P07
-
Component/s: ACE-Components
-
Labels:None
-
Environment:Any
Description
Sometime ago we fixed another security issue in our Apache Commons FileUpload code, CVE-2014-0050, as per ICE-10023.
There's another security issue, CVE-2016-3092, similar to the last one we fixed that we haven't fixed in our code. However, it is not clear whether our code has that vulnerability or not. So, we must investigate further and apply the fix if necessary or state why that fix is not necessary.
http://commons.apache.org/proper/commons-fileupload/changes-report.html
There's another security issue, CVE-2016-3092, similar to the last one we fixed that we haven't fixed in our code. However, it is not clear whether our code has that vulnerability or not. So, we must investigate further and apply the fix if necessary or state why that fix is not necessary.
http://commons.apache.org/proper/commons-fileupload/changes-report.html
Issue Links
- depends on
-
ICE-10023 Fix CVE-2014-0050 DoS with malformed Content-Type header and multipart request processing
- Closed
Activity
- All
- Comments
- History
- Activity
- Remote Attachments
- Subversion