Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.
Note that, like all of the file upload limits, the
new configuration option (FileUploadBase#setFileCountMax) is not
enabled by default and must be explicitly configured.
Metrics
Affected Vendors & Products
References
History
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2023-02-20T15:57:07.372Z
Updated: 2024-08-02T11:11:43.763Z
Reserved: 2023-02-01T10:32:05.492Z
Link: CVE-2023-24998
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-02-20T16:15:10.423
Modified: 2024-11-21T07:48:54.163
Link: CVE-2023-24998
Redhat