Vulnerability details: VCID-pddt-rch4-3ueg
Vulnerability ID VCID-pddt-rch4-3ueg
Aliases CVE-2014-0050
GHSA-xx68-jfcg-xmmf
Summary
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
System Score Found at
generic_textual HIGH http://advisories.mageia.org/MGASA-2014-0110.html
generic_textual HIGH http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html
generic_textual HIGH http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017
generic_textual HIGH http://jvn.jp/en/jp/JVN14876762/index.html
generic_textual HIGH http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907@apache.org%3E
generic_textual HIGH http://marc.info/?l=bugtraq&m=143136844732487&w=2
generic_textual HIGH http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2014-0252.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2014-0253.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2014-0400.html
epss 0.92678 https://api.first.org/data/v1/epss?cve=CVE-2014-0050
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=1062337
apache_tomcat Important https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050
generic_textual HIGH http://seclists.org/fulldisclosure/2014/Dec/23
generic_textual HIGH http://secunia.com/advisories/57915
generic_textual HIGH http://secunia.com/advisories/58075
generic_textual HIGH http://secunia.com/advisories/58976
generic_textual HIGH http://secunia.com/advisories/59039
generic_textual HIGH http://secunia.com/advisories/59041
generic_textual HIGH http://secunia.com/advisories/59183
generic_textual HIGH http://secunia.com/advisories/59184
generic_textual HIGH http://secunia.com/advisories/59185
generic_textual HIGH http://secunia.com/advisories/59187
generic_textual HIGH http://secunia.com/advisories/59232
generic_textual HIGH http://secunia.com/advisories/59399
generic_textual HIGH http://secunia.com/advisories/59492
generic_textual HIGH http://secunia.com/advisories/59500
generic_textual HIGH http://secunia.com/advisories/59725
generic_textual HIGH http://secunia.com/advisories/60475
generic_textual HIGH http://secunia.com/advisories/60753
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-xx68-jfcg-xmmf
generic_textual HIGH https://github.com/advisories/GHSA-xx68-jfcg-xmmf
generic_textual HIGH https://github.com/apache/commons-fileupload
generic_textual HIGH https://github.com/apache/commons-fileupload/commit/c61ff05b3241cb14d989b67209e57aa71540417a
generic_textual HIGH https://github.com/apache/tomcat/commit/29384723d8d9645b87e05be9fa369a4deeb78b9c
generic_textual HIGH https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
generic_textual HIGH https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
generic_textual HIGH https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2014-0050
generic_textual HIGH https://svn.apache.org/viewvc?view=revision&revision=1565143
generic_textual HIGH https://svn.apache.org/viewvc?view=revision&revision=1565163
generic_textual HIGH https://svn.apache.org/viewvc?view=revision&revision=1565169
generic_textual HIGH https://tomcat.apache.org/security-7.html
generic_textual HIGH https://tomcat.apache.org/security-8.html
generic_textual HIGH http://svn.apache.org/r1565143
generic_textual HIGH http://tomcat.apache.org/security-7.html
generic_textual HIGH http://tomcat.apache.org/security-8.html
generic_textual HIGH http://www-01.ibm.com/support/docview.wss?uid=swg21669554
generic_textual HIGH http://www-01.ibm.com/support/docview.wss?uid=swg21675432
generic_textual HIGH http://www-01.ibm.com/support/docview.wss?uid=swg21676091
generic_textual HIGH http://www-01.ibm.com/support/docview.wss?uid=swg21676092
generic_textual HIGH http://www-01.ibm.com/support/docview.wss?uid=swg21676401
generic_textual HIGH http://www-01.ibm.com/support/docview.wss?uid=swg21676403
generic_textual HIGH http://www-01.ibm.com/support/docview.wss?uid=swg21676405
generic_textual HIGH http://www-01.ibm.com/support/docview.wss?uid=swg21676410
generic_textual HIGH http://www-01.ibm.com/support/docview.wss?uid=swg21676656
generic_textual HIGH http://www-01.ibm.com/support/docview.wss?uid=swg21676853
generic_textual HIGH http://www-01.ibm.com/support/docview.wss?uid=swg21677691
generic_textual HIGH http://www-01.ibm.com/support/docview.wss?uid=swg21677724
generic_textual HIGH http://www-01.ibm.com/support/docview.wss?uid=swg21681214
generic_textual HIGH http://www.debian.org/security/2014/dsa-2856
generic_textual HIGH http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html
generic_textual HIGH http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html
generic_textual HIGH http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html
generic_textual HIGH http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm
generic_textual HIGH http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
generic_textual HIGH http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
generic_textual HIGH http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
generic_textual HIGH http://www.securityfocus.com/archive/1/532549/100/0/threaded
generic_textual HIGH http://www.securityfocus.com/archive/1/534161/100/0/threaded
generic_textual HIGH http://www.securityfocus.com/bid/65400
generic_textual HIGH http://www.ubuntu.com/usn/USN-2130-1
generic_textual HIGH http://www.vmware.com/security/advisories/VMSA-2014-0007.html
generic_textual HIGH http://www.vmware.com/security/advisories/VMSA-2014-0008.html
generic_textual HIGH http://www.vmware.com/security/advisories/VMSA-2014-0012.html
Reference id Reference type URL
http://advisories.mageia.org/MGASA-2014-0110.html
http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017
http://jvn.jp/en/jp/JVN14876762/index.html
http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907@apache.org%3E
http://mail-archives.apache.org/mod_mbox/www-announce/201402.mbox/%3C52F373FC.9030907@apache.org%3E
http://marc.info/?l=bugtraq&m=143136844732487&w=2
http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
http://rhn.redhat.com/errata/RHSA-2014-0252.html
http://rhn.redhat.com/errata/RHSA-2014-0253.html
http://rhn.redhat.com/errata/RHSA-2014-0400.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0050.json
https://api.first.org/data/v1/epss?cve=CVE-2014-0050
https://bugzilla.redhat.com/show_bug.cgi?id=1062337
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3544
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050
http://seclists.org/fulldisclosure/2014/Dec/23
http://secunia.com/advisories/57915
http://secunia.com/advisories/58075
http://secunia.com/advisories/58976
http://secunia.com/advisories/59039
http://secunia.com/advisories/59041
http://secunia.com/advisories/59183
http://secunia.com/advisories/59184
http://secunia.com/advisories/59185
http://secunia.com/advisories/59187
http://secunia.com/advisories/59232
http://secunia.com/advisories/59399
http://secunia.com/advisories/59492
http://secunia.com/advisories/59500
http://secunia.com/advisories/59725
http://secunia.com/advisories/60475
http://secunia.com/advisories/60753
https://github.com/advisories/GHSA-xx68-jfcg-xmmf
https://github.com/apache/commons-fileupload
https://github.com/apache/commons-fileupload/commit/c61ff05b3241cb14d989b67209e57aa71540417a
https://github.com/apache/tomcat/commit/29384723d8d9645b87e05be9fa369a4deeb78b9c
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://nvd.nist.gov/vuln/detail/CVE-2014-0050
https://svn.apache.org/viewvc?view=revision&revision=1565143
https://svn.apache.org/viewvc?view=revision&revision=1565163
https://svn.apache.org/viewvc?view=revision&revision=1565169
https://svn.apache.org/viewvc?view=rev&rev=1565163
https://svn.apache.org/viewvc?view=rev&rev=1565169
https://tomcat.apache.org/security-7.html
https://tomcat.apache.org/security-8.html
http://struts.apache.org/docs/s2-020.html
http://svn.apache.org/r1565143
http://svn.apache.org/viewvc?view=revision&revision=1565143
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-8.html
http://www-01.ibm.com/support/docview.wss?uid=swg21669554
http://www-01.ibm.com/support/docview.wss?uid=swg21675432
http://www-01.ibm.com/support/docview.wss?uid=swg21676091
http://www-01.ibm.com/support/docview.wss?uid=swg21676092
http://www-01.ibm.com/support/docview.wss?uid=swg21676401
http://www-01.ibm.com/support/docview.wss?uid=swg21676403
http://www-01.ibm.com/support/docview.wss?uid=swg21676405
http://www-01.ibm.com/support/docview.wss?uid=swg21676410
http://www-01.ibm.com/support/docview.wss?uid=swg21676656
http://www-01.ibm.com/support/docview.wss?uid=swg21676853
http://www-01.ibm.com/support/docview.wss?uid=swg21677691
http://www-01.ibm.com/support/docview.wss?uid=swg21677724
http://www-01.ibm.com/support/docview.wss?uid=swg21681214
http://www.debian.org/security/2014/dsa-2856
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm
http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securityfocus.com/archive/1/532549/100/0/threaded
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://www.securityfocus.com/bid/65400
http://www.ubuntu.com/usn/USN-2130-1
http://www.vmware.com/security/advisories/VMSA-2014-0007.html
http://www.vmware.com/security/advisories/VMSA-2014-0008.html
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
CVE-2014-0050;OSVDB-102945 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/31615.rb
RHSA-2014:0252 https://access.redhat.com/errata/RHSA-2014:0252
RHSA-2014:0253 https://access.redhat.com/errata/RHSA-2014:0253
RHSA-2014:0373 https://access.redhat.com/errata/RHSA-2014:0373
RHSA-2014:0400 https://access.redhat.com/errata/RHSA-2014:0400
RHSA-2014:0401 https://access.redhat.com/errata/RHSA-2014:0401
RHSA-2014:0429 https://access.redhat.com/errata/RHSA-2014:0429
RHSA-2014:0452 https://access.redhat.com/errata/RHSA-2014:0452
RHSA-2014:0459 https://access.redhat.com/errata/RHSA-2014:0459
RHSA-2014:0473 https://access.redhat.com/errata/RHSA-2014:0473
RHSA-2014:0525 https://access.redhat.com/errata/RHSA-2014:0525
RHSA-2014:0526 https://access.redhat.com/errata/RHSA-2014:0526
RHSA-2014:0527 https://access.redhat.com/errata/RHSA-2014:0527
RHSA-2014:0528 https://access.redhat.com/errata/RHSA-2014:0528
RHSA-2015:1009 https://access.redhat.com/errata/RHSA-2015:1009
USN-2130-1 https://usn.ubuntu.com/2130-1/
Data source Exploit-DB
Date added Feb. 12, 2014
Description Apache Commons FileUpload and Apache Tomcat - Denial of Service
Ransomware campaign use Known
Source publication date Feb. 12, 2014
Exploit type dos
Platform multiple
Source update date Feb. 12, 2014
Data source Metasploit
Description This module triggers an infinite loop in Apache Commons FileUpload 1.0 through 1.3 via a specially crafted Content-Type header. Apache Tomcat 7 and Apache Tomcat 8 use a copy of FileUpload to handle mime-multipart requests, therefore, Apache Tomcat 7.0.0 through 7.0.50 and 8.0.0-RC1 through 8.0.1 are affected by this issue. Tomcat 6 also uses Commons FileUpload as part of the Manager application.
Note
Stability:
  - crash-service-down
SideEffects: []
Reliability: []
Ransomware campaign use Unknown
Source publication date Feb. 6, 2014
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/dos/http/apache_commons_fileupload_dos.rb
Exploit Prediction Scoring System (EPSS)
Percentile 0.99738
EPSS Score 0.92678
Published At July 15, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T11:55:19.030988+00:00 ProjectKB MSRImporter Import https://raw.githubusercontent.com/SAP/project-kb/master/MSR2019/dataset/vulas_db_msr2019_release.csv 36.1.3