CVE-2016-3092

Description

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

Risk Information

Base Score: 7.5 MODERATE
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 36.479

Associated Vulnerability

Vulnerability | OS Platform
Update Tomcat to 9.5.14 | Windows
Update Tomcat to 9.5.5 | Windows
Update Tomcat to 9.5.7 | Windows
Update Tomcat to 9.5.8 | Windows
Update Tomcat to 9.6.10 | Windows
Update Tomcat to 9.6.3 | Windows
Update Tomcat to 9.6.4 | Windows
Update Tomcat to 9.6.7 | Windows
Update Tomcat to 9.6.8 | Windows
Update Tomcat to 2.4.5 | Windows
Update Tomcat to 3.0.14 | Windows
Multiple vulnerabilities are fixed in IBM WebSphere 7.0.0.43 | Windows
Multiple vulnerabilities are fixed in IBM WebSphere 8.5.5.11 | Windows
Multiple vulnerabilities are fixed in IBM WebSphere 8.0.0.13 | Windows
Vulnerabilities CVE-2016-5387, CVE-2016-3092, CVE-2016-1182, CVE-2016-1181 are fixed in IBM WebSphere 9.0.0.1 | Windows
Vulnerabilities CVE-2016-3092 are fixed in Apache-commons-fileupload 1.3.2 | Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 5.2 | Windows
Vulnerabilities CVE-2015-5254, CVE-2016-3092, CVE-2017-10041, CVE-2017-10156, CVE-2017-10157 are affected in Oracle BI Publisher 12.2.1.1.0 | Windows
Multiple vulnerabilities are affected in Oracle BI Publisher 12.2.1.2.0 | Windows
Multiple vulnerabilities are affected in Oracle BI Publisher 11.1.1.9.0 | Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.2.2 | Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.2.3 | Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.0 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.1 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.1.1 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.1.0 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0.5.0 | Windows
Multiple Vulnerabilities are affected in IBM MQ 8.0.0.5 | Windows
Servlet and JSP engine (USN-3027-1) tomcat8_8.0.32-1ubuntu1.1_all.deb | Linux
Update Tomcat to 9.5.14 (For Linux) | Linux
Update Tomcat to 9.5.5 (For Linux) | Linux
Update Tomcat to 9.5.7 (For Linux) | Linux
Update Tomcat to 9.5.8 (For Linux) | Linux
Update Tomcat to 9.6.10 (For Linux) | Linux
Update Tomcat to 9.6.3 (For Linux) | Linux
Update Tomcat to 9.6.4 (For Linux) | Linux
Update Tomcat to 9.6.7 (For Linux) | Linux
Update Tomcat to 9.6.8 (For Linux) | Linux
Update Tomcat to 2.4.5 (For Linux) | Linux
Update Tomcat to 3.0.14 (For Linux) | Linux
SUSE-SU-2023:0758-1 (SUSE Linux Enterprise Server 12 SP5) jakarta-commons-fileupload-1.1.1-122.8.1.noarch.rpm | Linux
SUSE-SU-2023:0758-1 (SUSE Linux Enterprise Server 12 SP5) jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch.rpm | Linux
Vulnerabilities CVE-2016-3092 are fixed in Apache-commons-fileupload for Linux 1.3.2 | Linux
Vulnerabilities CVE-2014-2600, CVE-2016-3092 are affected in icewall_identity_manager 5.0 | NCM
Vulnerabilities CVE-2016-2182, CVE-2016-3092, CVE-2016-6306 are affected in icewall_sso_agent_option 10.0-r1 | NCM
Vulnerabilities CVE-2016-2182, CVE-2016-3092, CVE-2016-6306 are affected in icewall_sso_agent_option 10.0 | NCM
Improper Input Validation Vulnerability (CVE-2016-3092) | NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234