diff options
| -rw-r--r-- | security/vuxml/vuln.xml | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index ea5a291d9b35..5dce74b6ca1c 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,44 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="cbceeb49-3bc7-11e6-8e82-002590263bf5"> + <topic>tomcat -- remote DoS in the Apache Commons FileUpload component</topic> + <affects> + <package> + <name>tomcat7</name> + <range><lt>7.0.70</lt></range> + </package> + <package> + <name>tomcat8</name> + <range><lt>8.0.36</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Mark Thomas reports:</p> + <blockquote cite="http://mail-archives.apache.org/mod_mbox/tomcat-announce/201606.mbox/%3C6223ece6-2b41-ef4f-22f9-d3481e492832%40apache.org%3E"> + <p>CVE-2016-3092 is a denial of service vulnerability that has been + corrected in the Apache Commons FileUpload component. It occurred + when the length of the multipart boundary was just below the size of + the buffer (4096 bytes) used to read the uploaded file. This caused + the file upload process to take several orders of magnitude longer + than if the boundary length was the typical tens of bytes.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-3092</cvename> + <freebsdpr>ports/209669</freebsdpr> + <url>http://tomcat.apache.org/security-7.html</url> + <url>http://tomcat.apache.org/security-8.html</url> + <url>http://mail-archives.apache.org/mod_mbox/tomcat-announce/201606.mbox/%3C6223ece6-2b41-ef4f-22f9-d3481e492832%40apache.org%3E</url> + </references> + <dates> + <discovery>2016-06-20</discovery> + <entry>2016-06-26</entry> + </dates> + </vuln> + <vuln vid="bfcc23b6-3b27-11e6-8e82-002590263bf5"> <topic>wordpress -- multiple vulnerabilities</topic> <affects> |