Vulnerabilities > Apache > Commons Fileupload > High

DATE CVE VULNERABILITY TITLE RISK
2023-02-20 CVE-2023-24998 Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.
network
low complexity
apache debian
7.5
2016-07-04 CVE-2016-3092 Improper Input Validation vulnerability in multiple products
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
network
low complexity
hp apache debian canonical CWE-20
7.5