Advisories ยป MGASA-2016-0260

Updated tomcat/apache-commons-fileupload packages fix security vulnerability

Publication date: 26 Jul 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-3092


The TERASOLUNA Framework Development Team discovered a denial of service
vulnerability in Apache Commons FileUpload. A remote attacker can take
advantage of this flaw by sending file upload requests that cause the HTTP
server using the Apache Commons Fileupload library to become unresponsive,
preventing the server from servicing other requests.

Tomcat contains a bundled copy of this library, so it has also been
patched to fix this issue.