vulnerability

Apache Tomcat: Moderate: Denial of Service (CVE-2016-3092)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	Jun 23, 2016	Jun 23, 2016	Apr 14, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Jun 23, 2016

Added

Jun 23, 2016

Modified

Apr 14, 2025

Description

Apache Tomcat uses a package renamed copy of Apache Commons FileUpload to
implement the file upload requirements of the Servlet specification. A
denial of service vulnerability was identified in Commons FileUpload that
occurred when the length of the multipart boundary was just below the
size of the buffer (4096 bytes) used to read the uploaded file. This
caused the file upload process to take several orders of magnitude
longer than if the boundary was the typical tens of bytes long.

Solution(s)

apache-tomcat-upgrade-7_0_70apache-tomcat-upgrade-8_0_36

References

CVE-2016-3092
https://attackerkb.com/topics/CVE-2016-3092
URL-http://tomcat.apache.org/security-7.html
URL-http://tomcat.apache.org/security-8.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today