CVE-2016-3092

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-3092

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3092.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-3092

Aliases

GHSA-fvm3-cfvj-gxqq

Downstream

DEBIAN-CVE-2016-3092

DLA-528-1

DLA-529-1

DSA-3609-1

DSA-3611-1

DSA-3614-1

RHSA-2016:2068

RHSA-2016:2069

RHSA-2016:2070

RHSA-2016:2072

RHSA-2016:2599

RHSA-2016:2807

RHSA-2017:0455

RHSA-2017:0456

SUSE-SU-2016:2188-1

SUSE-SU-2017:1660-1

SUSE-SU-2023:0730-1

SUSE-SU-2023:0758-1

UBUNTU-CVE-2016-3092

USN-3024-1

USN-3027-1

openSUSE-SU-2024:10446-1

openSUSE-SU-2024:13441-1

Related

Published

2016-07-04T22:59:04Z

Modified

2025-09-24T08:11:14.765804Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

References

Affected packages

Git / github.com/apache/commons-fileupload

Affected ranges

Type: GIT
Repo: https://github.com/apache/commons-fileupload
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

e19f0d04ff9d28e5e0d7bc6a4e98b6f04cec6bf8

Type: GIT
Repo: https://github.com/apache/tomcat
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

009cf0448025b6227b026e66f5351f0dcb3dd733

Last affected

04d13f45b4268945a0bee7a56fc4cf3782db0c71

Last affected

05e76dc1b6edcc2fa87d95de72a8a714267e462d

Last affected

0b2140180148548e012498e2d7c074fb9d208beb

Last affected

1958059057715d26415839cabad78e685d4d02f1

Last affected

1b734919fd5ee83a2905070dcbd6ffffff1beb63

Last affected

20bd21830dfe7864cac78acb1b7c825baa11bd85

Last affected

29b07def810d335012e738b22ab44d4e232b50d1

Last affected

2b858c0fce0db18ca733b161d7428f2cca214841

Last affected

30a7e7f7b48aa5f9f4a559635966d70901b5f51d

Last affected

32583ea28061391c314a09a43fbee48c072940a9

Last affected

3477614af783b612341fa6bc00c16b32d1791de8

Last affected

47af1012111595546f31d9096a37a839f93caa62

Last affected

4a39288c6eab999452c72af9fd1a0c12b054ca9f

Last affected

4c8b650437e2464c1c31c6598a263b3805b7a81f

Last affected

511d6f15e4254f3af12c75e5199b66448342eabf

Last affected

53728ececd4dc0134c2e17de849db53ce08219c9

Last affected

5e096bfd5a387f057766dc6b5217feae75b08331

Last affected

5f6f258107e7e463cce41187e13474f3c894693e

Last affected

68e114cf9fe0a83a888099c084b3036040afa518

Last affected

6b77b128188a5ed033da2998ff2f47f65aa4f7f8

Last affected

6e2c7f6227de95874c79f77bafe5ed26dfeb4021

Last affected

72a8a7c601a7bff56723650d5bb1e353d095af3d

Last affected

7cfeba335a41dd3b0e423f12534e5936c461711c

Last affected

7e8629b4ff4152ae6285fa184745e9a1382ca440

Last affected

81d3e54a46de226a5a8f11bcc65195cddcc24f96

Last affected

85cfeb746b8ea0d0e51cc4ced6053075f5460a36

Last affected

86ecd2ad87b805992b9e4c2f2317feaab7a1e3fb

Last affected

892c777b9d5c051dc20aacfefc280ab02dbe2143

Last affected

8b83cefaf2a454706f03f509944ca46103db4d13

Last affected

8d84136656655a20287cf2dac6ec7fd047979de5

Last affected

9e0d31f12dbd5441097dbec493895ad4e07a6832

Last affected

9f62bc56a0887353e58579153a30c64c5369efdb

Last affected

a6d2ed3eef40903b661d138ae7c8fbd9790d1928

Last affected

ad3da1182b0ed370ec233b925c69dcee826a9efe

Last affected

b7b373b84f1b80602ed62fb056be7c7ce429a15c

Last affected

b7d6e626d03f61ccd6c92e8ea28df12e67d256e6

Last affected

ba53773f48f31de787edb559db38e3e02d7efffd

Last affected

bc8b8705a9713cbd0232ab2d326d96ceb4aef1ad

Last affected

be7e6137267298d6a7b1b3cd2cb1f3f605f9162b

Last affected

c845090723d1118dbce1928f9468e1726b79c3b1

Last affected

d1dc05e934e089ea8907998cf850760017a0ed82

Last affected

d70fcee0390d1a82b108979d26a7a397a7418bc7

Last affected

d8ebf61e51b4455e3c226751e492a533f9002d48

Last affected

ddd8de1c64ef852caca10ab876fed02cfe827ef1

Last affected

de47b464201769870a06764cdd5143a59cd95302

Last affected

e0ffdd2535a8cb102c62b5db41170625e9d1bf46

Last affected

e37b977db6f47e4380ad67114a49e8568951c953

Last affected

e498667bd7811e846771a852b16ce9f1e524b81b

Last affected

eae5ead3864c4e2d528a874069828c6c12dee8a5

Last affected

efa0e79f82f17880c0d7427918bc34a83243dfa6

Last affected

f5dffa6e1148080fe5dc3690df917e805c72a714

Last affected

f6de6eb5445d266506fcf89d3962a622478c2c6c

Last affected

fd7f13635e6855f6ba3fead0bf37ba2fbf8b68cf

Last affected

feaf3763fb37e4a9176ef46a2c80e34821077884

Last affected

fec4a6d1d1f050401aec5c6a3bd0431850472d92

Affected versions

Other

FILEUPLOAD_1_3_1

FILEUPLOAD_1_3_1_RC1