CVE-2016-3092: Denial of Service
(updated )
The MultipartStream class in this package allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
References
- mail-archives.us.apache.org/mod_mbox/www-announce/201606.mbox/%3C6223ece6-2b41-ef4f-22f9-d3481e492832@apache.org%3E
- svn.apache.org/viewvc/commons/proper/fileupload/trunk/RELEASE-NOTES.txt?r1=1745717&r2=1749637&diff_format=h
- tomcat.apache.org/security.html
- bugzilla.redhat.com/show_bug.cgi?id=1349475
- cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092
Code Behaviors & Features
Detect and mitigate CVE-2016-3092 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →