DoS on Apache Tomcat and Apache Commons FileUpload

IDs: 
CVE-2014-0050
Keywords: 
Tomcat, DoS
Description: 

The following Apache Software components are affected by a critical denial of service vulnerability (CVE-2014-0050).

  • Apache Commons FileUpload 1.0 to 1.3
  • Apache Tomcat 8.0.0-RC1 to 8.0.1
  • Apache Tomcat 7.0.0 to 7.0.50

When a request carries an overlong boundary string (~4KB) in the Content-Type header, Apache Commons FileUpload enters an infinite loop.

Airlock protects back-ends by blocking overlong Content-Type headers.
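
A check of this kind can be sketched as follows. This is an added example, not Airlock's implementation and not part of the original advisory: it rejects a Content-Type value that is too long overall or whose multipart boundary exceeds the 70-character limit of RFC 2046. The 1024-byte header cap, the function name and the sample headers are assumptions made for illustration.

```python
import re

MAX_HEADER_LEN = 1024   # assumed cap on the whole Content-Type value
MAX_BOUNDARY_LEN = 70   # RFC 2046 limit for a multipart boundary

# RFC 2046 boundary characters; the last character may not be a space.
_BCHARS = re.compile(r"[0-9A-Za-z'()+_,\-./:=? ]*[0-9A-Za-z'()+_,\-./:=?]")
# One ";name=value" parameter, value either a quoted-string or a bare token.
_PARAM = re.compile(r';\s*([^=;\s]+)\s*=\s*("(?:[^"\\]|\\.)*"|[^;]*)')

def check_content_type(value):
    """Return (allowed, reason) for one Content-Type header value."""
    if len(value) > MAX_HEADER_LEN:
        return False, "content-type header too long"
    media_type = value.split(";", 1)[0].strip().lower()
    if not media_type.startswith("multipart/"):
        return True, "not multipart"
    boundaries = []
    for name, raw in _PARAM.findall(value):
        if name.lower() == "boundary":
            raw = raw.strip()
            if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
                raw = re.sub(r"\\(.)", r"\1", raw[1:-1])  # unquote
            boundaries.append(raw)
    if len(boundaries) != 1:
        return False, "missing or duplicate boundary"
    boundary = boundaries[0]
    if not 1 <= len(boundary) <= MAX_BOUNDARY_LEN:
        return False, "boundary length out of range"
    if not _BCHARS.fullmatch(boundary):
        return False, "boundary has illegal characters"
    return True, "ok"

# Constructed sample headers (not taken from real traffic).
SAMPLES = [
    "multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW",
    "multipart/form-data; boundary=" + "A" * 4092,   # ~4KB boundary
    "multipart/form-data; boundary=" + "A" * 200,    # short header, long boundary
    "multipart/form-data; boundary=a; boundary=b",
    "application/json",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_content_type(sample), sample[:60])
```

Checking the boundary length separately from the total header length catches a boundary that is invalid per RFC 2046 even when the header as a whole stays under the size cap.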

Resolution: 

Airlock protects vulnerable back-ends. No action required.

Component: 
Airlock
Airlock Vulnerability Status: 
No action required
Back-end Vulnerability Status: 
Does not affect back-end behind Airlock