commons-fileupload:commons-fileupload

vulnerable: 1.0, 1.1, 1.1.1, 1.2, 1.2.1

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.

vulnerable: 1.0 ... 1.3 (9 versions)

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a …

vulnerable: 1.0 ... 1.3 (9 versions)

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type he…

vulnerable: 1.0 ... 1.3.2 (13 versions)

Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution

vulnerable: 1.0 ... 1.3.1-jenkins-2 (12 versions)

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial o…

vulnerable: 1.0 ... 1.4 (15 versions)

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file …