CVE-2014-0050
A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in Tomcat and JBoss Web, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing Tomcat to enter an infinite loop when processing such an incoming request.
Find out more about CVE-2014-0050 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v2 metrics
| Base Score | 5 |
|---|---|
| Base Metrics | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Fuse MQ Enterprise 7.1.0 | RHSA-2014:0452 | 2014-04-30 |
| Red Hat JBoss BPMS 6.0 | RHSA-2014:0373 | 2014-04-03 |
| Red Hat JBoss Portal 6.2 | RHSA-2015:1009 | 2015-05-14 |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server (tomcat6) | RHSA-2014:0525 | 2014-05-21 |
| Red Hat JBoss Operations Network 3.2 | RHSA-2014:0473 | 2014-05-06 |
| Fuse ESB Enterprise 7.1.0 | RHSA-2014:0452 | 2014-04-30 |
| Red Hat JBoss Web Server 2.0 | RHSA-2014:0527 | 2014-05-21 |
| Red Hat Enterprise Linux 6 (tomcat6) | RHSA-2014:0429 | 2014-04-23 |
| Red Hat JBoss Fuse Service Works 6.0 | RHSA-2014:0459 | 2014-04-30 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server (jbossweb) | RHSA-2014:0253 | 2014-03-05 |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server (tomcat7) | RHSA-2014:0526 | 2014-05-21 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server (jbossweb) | RHSA-2014:0253 | 2014-03-05 |
| Fuse Management Console 7.1.0 | RHSA-2014:0452 | 2014-04-30 |
| Red Hat JBoss Web Server 2.0 | RHSA-2014:0528 | 2014-05-21 |
| Red Hat JBoss A-MQ 6.1 | RHSA-2014:0401 | 2014-04-14 |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server (tomcat6) | RHSA-2014:0525 | 2014-05-21 |
| Red Hat JBoss Enterprise Application Platform 6.2 | RHSA-2014:0252 | 2014-03-05 |
| Red Hat JBoss Fuse 6.1 | RHSA-2014:0400 | 2014-04-14 |
| Red Hat JBoss BRMS 6.0 | RHSA-2014:0373 | 2014-04-03 |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server (tomcat7) | RHSA-2014:0526 | 2014-05-21 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Software Collections 1 for Red Hat Enterprise Linux | thermostat1-apache-commons-fileupload | Will not fix |
| Red Hat Satellite 6 | commons-fileupload | Will not fix |
| Red Hat Satellite 5.6 | commons-fileupload | Will not fix |
| Red Hat Satellite 5.5 | commons-fileupload | Will not fix |
| Red Hat Satellite 5.4 | commons-fileupload | Will not fix |
| Red Hat Satellite 5.3 | commons-fileupload | Will not fix |
| Red Hat Satellite 5.2 | commons-fileupload | Will not fix |
| Red Hat Satellite 5.1 | commons-fileupload | Will not fix |
| Red Hat Satellite 5.0 | commons-fileupload | Will not fix |
| Red Hat Satellite 4.2 | commons-fileupload | Will not fix |
| Red Hat Satellite 4.1 | commons-fileupload | Will not fix |
| Red Hat Satellite 4.0 | commons-fileupload | Will not fix |
| Red Hat Satellite 3.7 | commons-fileupload | Will not fix |
| Red Hat JBoss Portal Platform 4 | commons-fileupload | Will not fix |
| Red Hat JBoss Portal 5 | commons-fileupload | Will not fix |
| Red Hat JBoss Enterprise SOA Platform 5 | commons-fileupload | Will not fix |
| Red Hat JBoss Enterprise SOA Platform 4.3 | commons-fileupload | Will not fix |
| Red Hat JBoss EWS 1 | tomcat | Will not fix |
| Red Hat JBoss EWS 1 | commons-fileupload | Will not fix |
| Red Hat JBoss Data Virtualization 6 | jbossweb | Not affected |
| Red Hat JBoss Data Grid 6 | jbossweb | Not affected |
| Red Hat JBoss BRMS 5 | commons-fileupload | Will not fix |
| Red Hat Enterprise Linux 7 | tomcat | Not affected |
| Red Hat Enterprise Linux 5 | jakarta-commons-fileupload | Will not fix |