Security Information / 2014 / Security Information -- DSA-2856-1 libcommons-fileupload-java

Debian Security Advisory

DSA-2856-1 libcommons-fileupload-java -- denial of service

Date Reported:

07 Feb 2014

Affected Packages:

libcommons-fileupload-java

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2014-0050.

More information:

It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition.

For the oldstable distribution (squeeze), this problem has been fixed in version 1.2.2-1+deb6u2.

For the stable distribution (wheezy), this problem has been fixed in version 1.2.2-1+deb7u2.

For the unstable distribution (sid), this problem has been fixed in version 1.3.1-1.

We recommend that you upgrade your libcommons-fileupload-java packages.