The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
References
Link Providers
http://jvn.jp/en/jp/JVN89379547/index.html cve-icon cve-icon
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121 cve-icon cve-icon
http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html cve-icon cve-icon
http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2016-2068.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2016-2069.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2016-2070.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2016-2071.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2016-2072.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2016-2599.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2016-2807.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2016-2808.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2017-0457.html cve-icon cve-icon
http://svn.apache.org/viewvc?view=revision&revision=1743480 cve-icon cve-icon
http://svn.apache.org/viewvc?view=revision&revision=1743722 cve-icon cve-icon
http://svn.apache.org/viewvc?view=revision&revision=1743738 cve-icon cve-icon
http://svn.apache.org/viewvc?view=revision&revision=1743742 cve-icon cve-icon
http://tomcat.apache.org/security-7.html cve-icon cve-icon cve-icon
http://tomcat.apache.org/security-8.html cve-icon cve-icon cve-icon
http://tomcat.apache.org/security-9.html cve-icon cve-icon
http://www.debian.org/security/2016/dsa-3609 cve-icon cve-icon
http://www.debian.org/security/2016/dsa-3611 cve-icon cve-icon
http://www.debian.org/security/2016/dsa-3614 cve-icon cve-icon
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html cve-icon cve-icon
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html cve-icon cve-icon
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html cve-icon cve-icon
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html cve-icon cve-icon
http://www.securityfocus.com/bid/91453 cve-icon cve-icon
http://www.securitytracker.com/id/1036427 cve-icon cve-icon
http://www.securitytracker.com/id/1036900 cve-icon cve-icon
http://www.securitytracker.com/id/1037029 cve-icon cve-icon
http://www.securitytracker.com/id/1039606 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-3024-1 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-3027-1 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:0455 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:0456 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=1349468 cve-icon cve-icon
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371 cve-icon cve-icon
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840 cve-icon cve-icon
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759 cve-icon cve-icon
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2016-3092 cve-icon
https://security.gentoo.org/glsa/201705-09 cve-icon cve-icon
https://security.gentoo.org/glsa/202107-39 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20190212-0001/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2016-3092 cve-icon
https://www.oracle.com/security-alerts/cpuapr2020.html cve-icon cve-icon
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2016-07-04T22:00:00

Updated: 2024-08-05T23:40:15.604Z

Reserved: 2016-03-10T00:00:00

Link: CVE-2016-3092

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2016-07-04T22:59:04.303

Modified: 2023-12-08T16:41:18.860

Link: CVE-2016-3092

cve-icon Redhat

Severity : Moderate

Publid Date: 2016-06-21T00:00:00Z

Links: CVE-2016-3092 - Bugzilla