![]() Multipart is often used in HTTP for the purpose of uploading files (more details can be found in RFC 2046). Note: parts of the code were copied into the .http.fileupload package in Apache Tomcat, causing it to be affected. The calculation is as follows:īoundary.length > bufSize – 1 – BOUNDARY_PREFIX.length = 4096 – 1 – 4 = 4091 ![]() The fixed code has an extra "if" condition (line number 330) that validates the length of the multipart boundary to be shorter than 4091 characters, raising an exception if that's not the case. The most significant difference I detected was in the "MultipartStream" class code of the package: "This issue was reported responsibly to the Apache Software Foundation via JPCERT but an error in addressing an e-mail led to the unintended early disclosure of this issue," Thomas said in his email.Īn hour prior to sending the email, Thomas populated the Apache Commons FileUpload project SVN with code fixes. How do we know about this vulnerability?Ībout five days ago, Mark Thomas, a Project Management Committee Member and Committer in the Apache Tomcat project, sent an email about the accidentally leaked vulnerability (CVE-2014-0050) which allows attackers to take down your Tomcat-deployed web sites and web services. ![]() ![]() The article reviews the vulnerability's technical aspects in depth and includes recommendations that can help administrators defend from future exploitation of this security issue. In this article I will discuss CVE-2014-0050: Apache Commons FileUpload and Apache Tomcat Denial-of-Service in detail. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |