CVE-2016-3092

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-3092
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3092.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-3092
Aliases
Related
Published
2016-07-04T22:59:04Z
Modified
2025-07-01T23:13:28.615065Z
Downstream
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

References

Affected packages

Debian:11 / libcommons-fileupload-java

Package

Name
libcommons-fileupload-java
Purl
pkg:deb/debian/libcommons-fileupload-java?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.2-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / libcommons-fileupload-java

Package

Name
libcommons-fileupload-java
Purl
pkg:deb/debian/libcommons-fileupload-java?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.2-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / libcommons-fileupload-java

Package

Name
libcommons-fileupload-java
Purl
pkg:deb/debian/libcommons-fileupload-java?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.2-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/apache/commons-fileupload

Affected ranges

Type
GIT
Repo
https://github.com/apache/commons-fileupload
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e19f0d04ff9d28e5e0d7bc6a4e98b6f04cec6bf8
Type
GIT
Repo
https://github.com/apache/tomcat
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
009cf0448025b6227b026e66f5351f0dcb3dd733
Last affected
04d13f45b4268945a0bee7a56fc4cf3782db0c71
Last affected
05e76dc1b6edcc2fa87d95de72a8a714267e462d
Last affected
0b2140180148548e012498e2d7c074fb9d208beb
Last affected
1958059057715d26415839cabad78e685d4d02f1
Last affected
1b734919fd5ee83a2905070dcbd6ffffff1beb63
Last affected
20bd21830dfe7864cac78acb1b7c825baa11bd85
Last affected
29b07def810d335012e738b22ab44d4e232b50d1
Last affected
2b858c0fce0db18ca733b161d7428f2cca214841
Last affected
30a7e7f7b48aa5f9f4a559635966d70901b5f51d
Last affected
32583ea28061391c314a09a43fbee48c072940a9
Last affected
3477614af783b612341fa6bc00c16b32d1791de8
Last affected
47af1012111595546f31d9096a37a839f93caa62
Last affected
4a39288c6eab999452c72af9fd1a0c12b054ca9f
Last affected
4c8b650437e2464c1c31c6598a263b3805b7a81f
Last affected
511d6f15e4254f3af12c75e5199b66448342eabf
Last affected
53728ececd4dc0134c2e17de849db53ce08219c9
Last affected
5e096bfd5a387f057766dc6b5217feae75b08331
Last affected
5f6f258107e7e463cce41187e13474f3c894693e
Last affected
68e114cf9fe0a83a888099c084b3036040afa518
Last affected
6b77b128188a5ed033da2998ff2f47f65aa4f7f8
Last affected
6e2c7f6227de95874c79f77bafe5ed26dfeb4021
Last affected
72a8a7c601a7bff56723650d5bb1e353d095af3d
Last affected
7cfeba335a41dd3b0e423f12534e5936c461711c
Last affected
7e8629b4ff4152ae6285fa184745e9a1382ca440
Last affected
81d3e54a46de226a5a8f11bcc65195cddcc24f96
Last affected
85cfeb746b8ea0d0e51cc4ced6053075f5460a36
Last affected
86ecd2ad87b805992b9e4c2f2317feaab7a1e3fb
Last affected
892c777b9d5c051dc20aacfefc280ab02dbe2143
Last affected
8b83cefaf2a454706f03f509944ca46103db4d13
Last affected
8d84136656655a20287cf2dac6ec7fd047979de5
Last affected
9e0d31f12dbd5441097dbec493895ad4e07a6832
Last affected
9f62bc56a0887353e58579153a30c64c5369efdb
Last affected
a6d2ed3eef40903b661d138ae7c8fbd9790d1928
Last affected
ad3da1182b0ed370ec233b925c69dcee826a9efe
Last affected
b7b373b84f1b80602ed62fb056be7c7ce429a15c
Last affected
b7d6e626d03f61ccd6c92e8ea28df12e67d256e6
Last affected
ba53773f48f31de787edb559db38e3e02d7efffd
Last affected
bc8b8705a9713cbd0232ab2d326d96ceb4aef1ad
Last affected
be7e6137267298d6a7b1b3cd2cb1f3f605f9162b
Last affected
c845090723d1118dbce1928f9468e1726b79c3b1
Last affected
d1dc05e934e089ea8907998cf850760017a0ed82
Last affected
d70fcee0390d1a82b108979d26a7a397a7418bc7
Last affected
d8ebf61e51b4455e3c226751e492a533f9002d48
Last affected
ddd8de1c64ef852caca10ab876fed02cfe827ef1
Last affected
de47b464201769870a06764cdd5143a59cd95302
Last affected
e0ffdd2535a8cb102c62b5db41170625e9d1bf46
Last affected
e37b977db6f47e4380ad67114a49e8568951c953
Last affected
e498667bd7811e846771a852b16ce9f1e524b81b
Last affected
eae5ead3864c4e2d528a874069828c6c12dee8a5
Last affected
efa0e79f82f17880c0d7427918bc34a83243dfa6
Last affected
f5dffa6e1148080fe5dc3690df917e805c72a714
Last affected
f6de6eb5445d266506fcf89d3962a622478c2c6c
Last affected
fd7f13635e6855f6ba3fead0bf37ba2fbf8b68cf
Last affected
feaf3763fb37e4a9176ef46a2c80e34821077884
Last affected
fec4a6d1d1f050401aec5c6a3bd0431850472d92

Affected versions

Other

FILEUPLOAD_1_3_1
FILEUPLOAD_1_3_1_RC1