CVE-2016-3092
Description
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2016-3092
Vendor advisory: secalert@redhat.com — https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371
Vendor advisory: secalert@redhat.com — http://tomcat.apache.org/security-9.html
Vendor advisory: secalert@redhat.com — http://tomcat.apache.org/security-8.html
Vendor advisory: secalert@redhat.com — http://tomcat.apache.org/security-7.html
Vendor advisory: secalert@redhat.com — http://svn.apache.org/viewvc?view=revision&revision=1743742
Vendor advisory: secalert@redhat.com — http://svn.apache.org/viewvc?view=revision&revision=1743738
Vendor advisory: secalert@redhat.com — http://svn.apache.org/viewvc?view=revision&revision=1743722
Vendor advisory: secalert@redhat.com — http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121
Vendor advisory: secalert@redhat.com — http://jvn.jp/en/jp/JVN89379547/index.html
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2016-3092.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | bookworm | fixed | 1.3.2-1 |
| debian | bullseye | fixed | 1.3.2-1 |
| debian | forky | fixed | 1.3.2-1 |
| debian | sid | fixed | 1.3.2-1 |
| debian | trixie | fixed | 1.3.2-1 |
| ubuntu | 12.04 | affected | |
| ubuntu | 14.04 | affected | |
| ubuntu | 15.10 | affected | |
| ubuntu | 16.04 | affected | |
| debian | 8.0 | affected | |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | commons-fileupload:commons-fileupload | <1.3.2 | 1.3.2 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| apache | tomcat | 7.0.50 | |
| apache | tomcat | 7.0.52 | |
| hp | icewall_identity_manager | 5.0 | |
| hp | icewall_sso_agent_option | 10.0 | |
| apache | tomcat | 9.0.0 | |
| apache | tomcat | 8.0.0 | |
| apache | tomcat | 8.0.1 | |
| apache | tomcat | 8.0.3 | |
| apache | tomcat | 8.0.5 | |
| apache | tomcat | 8.0.8 | |
| apache | tomcat | 8.0.11 | |
| apache | tomcat | 8.0.12 | |
| apache | tomcat | 8.0.14 | |
| apache | tomcat | 8.0.15 | |
| apache | tomcat | 8.0.17 | |
| apache | tomcat | 8.0.18 | |
| apache | tomcat | 8.0.20 | |
| apache | tomcat | 8.0.21 | |
| apache | tomcat | 8.0.22 | |
| apache | tomcat | 8.0.23 | |
| apache | tomcat | 8.0.24 | |
| apache | tomcat | 8.0.26 | |
| apache | tomcat | 8.0.27 | |
| apache | tomcat | 8.0.28 | |
| apache | tomcat | 8.0.29 | |
| apache | tomcat | 8.0.30 | |
| apache | tomcat | 8.0.32 | |
| apache | tomcat | 8.0.33 | |
| apache | tomcat | 8.0.35 | |
| apache | tomcat | 8.5.0 | |
| apache | tomcat | 8.5.2 | |
| apache | commons_fileupload | {"endIncluding":"1.3.1"} | |
| apache | tomcat | 7.0.0 | |
| apache | tomcat | 7.0.1 | |
| apache | tomcat | 7.0.2 | |
| apache | tomcat | 7.0.4 | |
| apache | tomcat | 7.0.5 | |
| apache | tomcat | 7.0.6 | |
| apache | tomcat | 7.0.8 | |
| apache | tomcat | 7.0.10 | |
| apache | tomcat | 7.0.11 | |
| apache | tomcat | 7.0.12 | |
| apache | tomcat | 7.0.14 | |
| apache | tomcat | 7.0.16 | |
| apache | tomcat | 7.0.19 | |
| apache | tomcat | 7.0.20 | |
| apache | tomcat | 7.0.21 | |
| apache | tomcat | 7.0.22 | |
| apache | tomcat | 7.0.23 | |
| apache | tomcat | 7.0.25 | |
| apache | tomcat | 7.0.26 | |
| apache | tomcat | 7.0.27 | |
| apache | tomcat | 7.0.28 | |
| apache | tomcat | 7.0.29 | |
| apache | tomcat | 7.0.30 | |
| apache | tomcat | 7.0.32 | |
| apache | tomcat | 7.0.33 | |
| apache | tomcat | 7.0.34 | |
| apache | tomcat | 7.0.35 | |
| apache | tomcat | 7.0.37 | |
| apache | tomcat | 7.0.39 | |
| apache | tomcat | 7.0.40 | |
| apache | tomcat | 7.0.41 | |
| apache | tomcat | 7.0.42 | |
| apache | tomcat | 7.0.47 | |
| apache | tomcat | 7.0.53 | |
| apache | tomcat | 7.0.54 | |
| apache | tomcat | 7.0.55 | |
| apache | tomcat | 7.0.56 | |
| apache | tomcat | 7.0.57 | |
| apache | tomcat | 7.0.59 | |
| apache | tomcat | 7.0.61 | |
| apache | tomcat | 7.0.62 | |
| apache | tomcat | 7.0.63 | |
| apache | tomcat | 7.0.64 | |
| apache | tomcat | 7.0.65 | |
| apache | tomcat | 7.0.67 | |
| apache | tomcat | 7.0.68 | |
| apache | tomcat | 7.0.69 | |
References
- https://www.suse.com/security/cve/CVE-2016-3092.html
- http://jvn.jp/en/jp/JVN89379547/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html
- http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E
- http://rhn.redhat.com/errata/RHSA-2016-2068.html
- http://rhn.redhat.com/errata/RHSA-2016-2069.html
- http://rhn.redhat.com/errata/RHSA-2016-2070.html
- http://rhn.redhat.com/errata/RHSA-2016-2071.html
- http://rhn.redhat.com/errata/RHSA-2016-2072.html
- http://rhn.redhat.com/errata/RHSA-2016-2599.html
- http://rhn.redhat.com/errata/RHSA-2016-2807.html
- http://rhn.redhat.com/errata/RHSA-2016-2808.html
- http://rhn.redhat.com/errata/RHSA-2017-0457.html
- http://svn.apache.org/viewvc?view=revision&revision=1743480
- http://svn.apache.org/viewvc?view=revision&revision=1743722
- http://svn.apache.org/viewvc?view=revision&revision=1743738
- http://svn.apache.org/viewvc?view=revision&revision=1743742
- http://tomcat.apache.org/security-7.html
- http://tomcat.apache.org/security-8.html
- http://tomcat.apache.org/security-9.html
- http://www.debian.org/security/2016/dsa-3609
- http://www.debian.org/security/2016/dsa-3611
- http://www.debian.org/security/2016/dsa-3614
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
CWEs
CWE-20
Verify integrity in audit chain (admin only). AS-IS.