Jenkins Advisory 2017-10-11: CVE-2017-1000394: CVE-2016-3092: Jenkins core bundled vulnerable version of the commons-fileupload library

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: July 04, 2016
Added: November 20, 2017
Modified: March 21, 2018

Description

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

Solution

jenkins-lts-upgrade-2_73_2
