VYPR

Commons Fileupload

by Apache

Source repositories

CVEs (6)

  • CVE-2016-1000031CriOct 25, 2016
    risk 0.66cvss 9.8epss 0.35

    Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution

  • CVE-2016-3092HigJul 4, 2016
    risk 0.52cvss 7.5epss 0.36

    The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long…

  • CVE-2014-0050Apr 1, 2014
    risk 0.03cvss epss 0.83

    MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended…

  • CVE-2025-48976Jun 16, 2025
    risk 0.00cvss epss 0.63

    Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6…

  • CVE-2023-24998Feb 20, 2023
    risk 0.00cvss epss 0.47

    Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new…

  • CVE-2013-0248Mar 15, 2013
    risk 0.00cvss epss 0.01

    The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.