Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.
History

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-02-20T15:57:07.372Z

Updated: 2024-08-02T11:11:43.763Z

Reserved: 2023-02-01T10:32:05.492Z

Link: CVE-2023-24998

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-02-20T16:15:10.423

Modified: 2024-11-21T07:48:54.163

Link: CVE-2023-24998

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-02-20T00:00:00Z

Links: CVE-2023-24998 - Bugzilla