← back
CVE-2014-0050

CVE-2014-0050

60Vexday Risk Score

Patch soon. It has a working public exploit.

ssvc Attendepss 83%
from disclosure to weapon0 days
Published on NVDMar 28
1st PoCFeb 12
metasploitFeb 6
exploitation probability
83%top 1% of all CVEs
observed exploitation
nono source reports it
3 public exploit(s)
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.