diff options
| author | junovitch <junovitch@FreeBSD.org> | 2016-06-27 02:13:40 +0800 |
|---|---|---|
| committer | junovitch <junovitch@FreeBSD.org> | 2016-06-27 02:13:40 +0800 |
| commit | e2c0519d6e1d5c35d1a113a076d814b9d3b3b82d (patch) | |
| tree | 4f6e555009a209d930f79f6182a82b3123434f00 | |
| parent | 4d72e69d667b576cc504ecbe6e106f2aed645e9b (diff) | |
| download | freebsd-ports-gnome-e2c0519d6e1d5c35d1a113a076d814b9d3b3b82d.tar.gz freebsd-ports-gnome-e2c0519d6e1d5c35d1a113a076d814b9d3b3b82d.tar.zst freebsd-ports-gnome-e2c0519d6e1d5c35d1a113a076d814b9d3b3b82d.zip | |
Document remote denial of service via FileUpload component in Tomcat
PR: 209669 [1]
Reported by: Geoffroy Desvernay <dgeo@centrale-marseille.fr> [1]
Reported by: Roger Marquis <marquis@roble.com>
Security: CVE-2016-3092
Security: https://vuxml.FreeBSD.org/freebsd/cbceeb49-3bc7-11e6-8e82-002590263bf5.html
| -rw-r--r-- | security/vuxml/vuln.xml | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index ea5a291d9b35..5dce74b6ca1c 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,44 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="cbceeb49-3bc7-11e6-8e82-002590263bf5"> + <topic>tomcat -- remote DoS in the Apache Commons FileUpload component</topic> + <affects> + <package> + <name>tomcat7</name> + <range><lt>7.0.70</lt></range> + </package> + <package> + <name>tomcat8</name> + <range><lt>8.0.36</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Mark Thomas reports:</p> + <blockquote cite="http://mail-archives.apache.org/mod_mbox/tomcat-announce/201606.mbox/%3C6223ece6-2b41-ef4f-22f9-d3481e492832%40apache.org%3E"> + <p>CVE-2016-3092 is a denial of service vulnerability that has been + corrected in the Apache Commons FileUpload component. It occurred + when the length of the multipart boundary was just below the size of + the buffer (4096 bytes) used to read the uploaded file. This caused + the file upload process to take several orders of magnitude longer + than if the boundary length was the typical tens of bytes.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-3092</cvename> + <freebsdpr>ports/209669</freebsdpr> + <url>http://tomcat.apache.org/security-7.html</url> + <url>http://tomcat.apache.org/security-8.html</url> + <url>http://mail-archives.apache.org/mod_mbox/tomcat-announce/201606.mbox/%3C6223ece6-2b41-ef4f-22f9-d3481e492832%40apache.org%3E</url> + </references> + <dates> + <discovery>2016-06-20</discovery> + <entry>2016-06-26</entry> + </dates> + </vuln> + <vuln vid="bfcc23b6-3b27-11e6-8e82-002590263bf5"> <topic>wordpress -- multiple vulnerabilities</topic> <affects> |