CVE-2014-0050: Input Validation
First published: Thu Feb 06 2014(Updated: )
A flaw was found in Apache Commons FileUpload. Specially-crafted input could trigger a denial of service if the buffer used by the MultipartStream was not big enough. Tomcat 7 includes an embedded copy of Apache Commons FileUpload, so it was possible to craft a malformed Content-Type header for a multipart request which would cause Tomcat to enter an infinite loop. This has been corrected in Tomcat 7 via commit r1565169 [1]. It has been corrected in Apache Commons FileUpload via commit r1565143 [2]. No new releases have been made with the changes; Tomcat 7.0.51 (not yet released) will correct this flaw. [1] <a href="http://svn.apache.org/viewvc?view=revision&revision=1565169">http://svn.apache.org/viewvc?view=revision&revision=1565169</a> [2] <a href="http://svn.apache.org/viewvc?view=revision&revision=1565143">http://svn.apache.org/viewvc?view=revision&revision=1565143</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.apache.tomcat:tomcat | >=7.0.0<=7.0.50 | 7.0.52 |
| maven/org.apache.tomcat:tomcat | >=8.0.0-RC1<=8.0.1 | 8.0.3 |
| maven/commons-fileupload:commons-fileupload | <1.3.1 | 1.3.1 |
| redhat/tomcat | <7.0.52 | 7.0.52 |
| redhat/tomcat | <8.0.2 | 8.0.2 |
| redhat/apache-commons-fileupload | <1.3.1 | 1.3.1 |
| Oracle Retail Applications | =12.0 | |
| Oracle Retail Applications | =12.0in | |
| Oracle Retail Applications | =13.0 | |
| Oracle Retail Applications | =13.1 | |
| Oracle Retail Applications | =13.2 | |
| Oracle Retail Applications | =13.3 | |
| Oracle Retail Applications | =13.4 | |
| Oracle Retail Applications | =14.0 | |
| Apache Commons FileUpload | <=1.3 | |
| Apache Commons FileUpload | =1.0 | |
| Apache Commons FileUpload | =1.1 | |
| Apache Commons FileUpload | =1.1.1 | |
| Apache Commons FileUpload | =1.2 | |
| Apache Commons FileUpload | =1.2.1 | |
| Apache Commons FileUpload | =1.2.2 | |
| Tomcat | =7.0.0 | |
| Tomcat | =7.0.0-beta | |
| Tomcat | =7.0.1 | |
| Tomcat | =7.0.2 | |
| Tomcat | =7.0.2-beta | |
| Tomcat | =7.0.3 | |
| Tomcat | =7.0.4 | |
| Tomcat | =7.0.4-beta | |
| Tomcat | =7.0.5 | |
| Tomcat | =7.0.6 | |
| Tomcat | =7.0.7 | |
| Tomcat | =7.0.8 | |
| Tomcat | =7.0.9 | |
| Tomcat | =7.0.10 | |
| Tomcat | =7.0.11 | |
| Tomcat | =7.0.12 | |
| Tomcat | =7.0.13 | |
| Tomcat | =7.0.14 | |
| Tomcat | =7.0.15 | |
| Tomcat | =7.0.16 | |
| Tomcat | =7.0.17 | |
| Tomcat | =7.0.18 | |
| Tomcat | =7.0.19 | |
| Tomcat | =7.0.20 | |
| Tomcat | =7.0.21 | |
| Tomcat | =7.0.22 | |
| Tomcat | =7.0.23 | |
| Tomcat | =7.0.24 | |
| Tomcat | =7.0.25 | |
| Tomcat | =7.0.26 | |
| Tomcat | =7.0.27 | |
| Tomcat | =7.0.28 | |
| Tomcat | =7.0.29 | |
| Tomcat | =7.0.30 | |
| Tomcat | =7.0.31 | |
| Tomcat | =7.0.32 | |
| Tomcat | =7.0.33 | |
| Tomcat | =7.0.34 | |
| Tomcat | =7.0.35 | |
| Tomcat | =7.0.36 | |
| Tomcat | =7.0.37 | |
| Tomcat | =7.0.38 | |
| Tomcat | =7.0.39 | |
| Tomcat | =7.0.40 | |
| Tomcat | =7.0.41 | |
| Tomcat | =7.0.42 | |
| Tomcat | =7.0.43 | |
| Tomcat | =7.0.44 | |
| Tomcat | =7.0.45 | |
| Tomcat | =7.0.46 | |
| Tomcat | =7.0.47 | |
| Tomcat | =7.0.48 | |
| Tomcat | =7.0.49 | |
| Tomcat | =7.0.50 | |
| Tomcat | =8.0.0-rc1 | |
| Tomcat | =8.0.0-rc10 | |
| Tomcat | =8.0.0-rc2 | |
| Tomcat | =8.0.0-rc5 | |
| Tomcat | =8.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2014-0050
- https://bugzilla.redhat.com/show_bug.cgi?id=1062337
- https://github.com/advisories/GHSA-xx68-jfcg-xmmf (Advisory)
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
- http://advisories.mageia.org/MGASA-2014-0110.html
- http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html
- http://jvn.jp/en/jp/JVN14876762/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017
- http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907@apache.org%3E
- http://marc.info/?l=bugtraq&m=143136844732487&w=2
- http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
- http://rhn.redhat.com/errata/RHSA-2014-0252.html
- http://rhn.redhat.com/errata/RHSA-2014-0253.html
- http://rhn.redhat.com/errata/RHSA-2014-0400.html
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://secunia.com/advisories/57915
- http://secunia.com/advisories/58075
- http://secunia.com/advisories/58976
- http://secunia.com/advisories/59039
- http://secunia.com/advisories/59041
- http://secunia.com/advisories/59183
- http://secunia.com/advisories/59184
- http://secunia.com/advisories/59185
- http://secunia.com/advisories/59187
- http://secunia.com/advisories/59232
- http://secunia.com/advisories/59399
- http://secunia.com/advisories/59492
- http://secunia.com/advisories/59500
- http://secunia.com/advisories/59725
- http://secunia.com/advisories/60475
- http://secunia.com/advisories/60753
- http://svn.apache.org/r1565143
- http://tomcat.apache.org/security-7.html
- http://tomcat.apache.org/security-8.html
- http://www-01.ibm.com/support/docview.wss?uid=swg21669554
- http://www-01.ibm.com/support/docview.wss?uid=swg21675432
- http://www-01.ibm.com/support/docview.wss?uid=swg21676091
- http://www-01.ibm.com/support/docview.wss?uid=swg21676092
- http://www-01.ibm.com/support/docview.wss?uid=swg21676401
- http://www-01.ibm.com/support/docview.wss?uid=swg21676403
- http://www-01.ibm.com/support/docview.wss?uid=swg21676405
- http://www-01.ibm.com/support/docview.wss?uid=swg21676410
- http://www-01.ibm.com/support/docview.wss?uid=swg21676656
- http://www-01.ibm.com/support/docview.wss?uid=swg21676853
- http://www-01.ibm.com/support/docview.wss?uid=swg21677691
- http://www-01.ibm.com/support/docview.wss?uid=swg21677724
- http://www-01.ibm.com/support/docview.wss?uid=swg21681214
- http://www.debian.org/security/2014/dsa-2856
- http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html
- http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html
- http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://www.securityfocus.com/archive/1/532549/100/0/threaded
- http://www.securityfocus.com/archive/1/534161/100/0/threaded
- http://www.securityfocus.com/bid/65400
- http://www.ubuntu.com/usn/USN-2130-1
- http://www.vmware.com/security/advisories/VMSA-2014-0007.html
- http://www.vmware.com/security/advisories/VMSA-2014-0008.html
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- https://github.com/apache/tomcat/commit/29384723d8d9645b87e05be9fa369a4deeb78b9c
- https://svn.apache.org/viewvc?view=revision&revision=1565143
- https://svn.apache.org/viewvc?view=revision&revision=1565163
- https://svn.apache.org/viewvc?view=revision&revision=1565169
- https://tomcat.apache.org/security-7.html
- https://tomcat.apache.org/security-8.html
- https://security.gentoo.org/glsa/202107-39
- https://github.com/apache/commons-fileupload/commit/c61ff05b3241cb14d989b67209e57aa71540417a
- http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907%40apache.org%3E
- http://svn.apache.org/viewvc?view=revision&revision=1565169
- http://svn.apache.org/viewvc?view=revision&revision=1565143
- http://seclists.org/fulldisclosure/2014/Feb/41
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1064675
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1064673
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1065228
- https://rhn.redhat.com/errata/RHSA-2014-0253.html
- https://rhn.redhat.com/errata/RHSA-2014-0252.html
- https://rhn.redhat.com/errata/RHSA-2014-0373.html
- https://rhn.redhat.com/errata/RHSA-2014-0401.html
- https://rhn.redhat.com/errata/RHSA-2014-0400.html
- https://rhn.redhat.com/errata/RHSA-2014-0429.html
- https://rhn.redhat.com/errata/RHSA-2014-0452.html
- https://rhn.redhat.com/errata/RHSA-2014-0459.html
- https://rhn.redhat.com/errata/RHSA-2014-0473.html
- https://rhn.redhat.com/errata/RHSA-2014-0528.html
- https://rhn.redhat.com/errata/RHSA-2014-0527.html
- https://rhn.redhat.com/errata/RHSA-2014-0525.html
- https://rhn.redhat.com/errata/RHSA-2014-0526.html
- https://rhn.redhat.com/errata/RHSA-2015-1009.html
Frequently Asked Questions
What is the severity of CVE-2014-0050?
CVE-2014-0050 has a severity rating that indicates it can lead to a denial of service when exploited.
How do I fix CVE-2014-0050?
To fix CVE-2014-0050, upgrade your Apache Tomcat or Apache Commons FileUpload to the advised versions: Tomcat 7.0.52 or 8.0.3, and Commons FileUpload 1.3.1.
Which versions are affected by CVE-2014-0050?
CVE-2014-0050 affects multiple versions of Apache Commons FileUpload and Apache Tomcat, up to 7.0.50 and 8.0.1 respectively.
Is CVE-2014-0050 specifically an Apache Tomcat vulnerability?
Yes, CVE-2014-0050 is a vulnerability that affects Apache Tomcat due to its embedded use of Apache Commons FileUpload.
Can CVE-2014-0050 affect other software apart from Tomcat?
Yes, CVE-2014-0050 can also affect applications using Apache Commons FileUpload if they do not handle multipart requests correctly.
- collector/github-advisory
- alias/GHSA-xx68-jfcg-xmmf
- alias/CVE-2014-0050
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/github-advisory-latest
- source/GitHub
- agent/software-canonical-lookup
- agent/remedy
- agent/severity
- agent/weakness
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/author
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- package-manager/maven
- package-manager/redhat
- vendor/oracle
- canonical/oracle retail applications
- version/oracle retail applications/12.0
- version/oracle retail applications/12.0in
- version/oracle retail applications/13.0
- version/oracle retail applications/13.1
- version/oracle retail applications/13.2
- version/oracle retail applications/13.3
- version/oracle retail applications/13.4
- version/oracle retail applications/14.0
- vendor/apache
- canonical/apache commons fileupload
- version/apache commons fileupload/1.3
- version/apache commons fileupload/1.0
- version/apache commons fileupload/1.1
- version/apache commons fileupload/1.1.1
- version/apache commons fileupload/1.2
- version/apache commons fileupload/1.2.1
- version/apache commons fileupload/1.2.2
- canonical/tomcat
- version/tomcat/7.0.0
- version/tomcat/7.0.0-beta
- version/tomcat/7.0.1
- version/tomcat/7.0.2
- version/tomcat/7.0.2-beta
- version/tomcat/7.0.3
- version/tomcat/7.0.4
- version/tomcat/7.0.4-beta
- version/tomcat/7.0.5
- version/tomcat/7.0.6
- version/tomcat/7.0.7
- version/tomcat/7.0.8
- version/tomcat/7.0.9
- version/tomcat/7.0.10
- version/tomcat/7.0.11
- version/tomcat/7.0.12
- version/tomcat/7.0.13
- version/tomcat/7.0.14
- version/tomcat/7.0.15
- version/tomcat/7.0.16
- version/tomcat/7.0.17
- version/tomcat/7.0.18
- version/tomcat/7.0.19
- version/tomcat/7.0.20
- version/tomcat/7.0.21
- version/tomcat/7.0.22
- version/tomcat/7.0.23
- version/tomcat/7.0.24
- version/tomcat/7.0.25
- version/tomcat/7.0.26
- version/tomcat/7.0.27
- version/tomcat/7.0.28
- version/tomcat/7.0.29
- version/tomcat/7.0.30
- version/tomcat/7.0.31
- version/tomcat/7.0.32
- version/tomcat/7.0.33
- version/tomcat/7.0.34
- version/tomcat/7.0.35
- version/tomcat/7.0.36
- version/tomcat/7.0.37
- version/tomcat/7.0.38
- version/tomcat/7.0.39
- version/tomcat/7.0.40
- version/tomcat/7.0.41
- version/tomcat/7.0.42
- version/tomcat/7.0.43
- version/tomcat/7.0.44
- version/tomcat/7.0.45
- version/tomcat/7.0.46
- version/tomcat/7.0.47
- version/tomcat/7.0.48
- version/tomcat/7.0.49
- version/tomcat/7.0.50
- version/tomcat/8.0.0-rc1
- version/tomcat/8.0.0-rc10
- version/tomcat/8.0.0-rc2
- version/tomcat/8.0.0-rc5
- version/tomcat/8.0.1