FreeBSD : Apache Commons FileUpload -- denial of service (DoS) vulnerability (cbceeb49-3bc7-11e6-8e82-002590263bf5)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Mark Thomas reports :

CVE-2016-3092 is a denial of service vulnerability that has been
corrected in the Apache Commons FileUpload component. It occurred when
the length of the multipart boundary was just below the size of the
buffer (4096 bytes) used to read the uploaded file. This caused the
file upload process to take several orders of magnitude longer than if
the boundary length was the typical tens of bytes.
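
The boundary-length condition described above can be checked in request logs. The following is an added example, not code from the advisory, Tenable, or the Apache project. It flags multipart Content-Type headers whose boundary exceeds the 70-character limit of RFC 2046, with a separate label for lengths just below the 4096-byte buffer. The `NEAR_BUFFER_MARGIN` value, the label names and the sample records are assumptions constructed for illustration.

```python
from email.message import Message

RFC2046_MAX_BOUNDARY = 70   # upper bound on boundary length in RFC 2046, section 5.1.1
READ_BUFFER_SIZE = 4096     # buffer size named in the advisory text
NEAR_BUFFER_MARGIN = 256    # assumed meaning of "just below" the buffer size


def boundary_of(content_type):
    """Return the boundary parameter of a multipart Content-Type, else None."""
    msg = Message()
    msg["Content-Type"] = content_type or ""
    if msg.get_content_maintype() != "multipart":
        return None
    return msg.get_boundary()  # handles quoted and unquoted parameter values


def classify(content_type):
    """Label one Content-Type header value by its boundary length."""
    boundary = boundary_of(content_type)
    if boundary is None:
        return "no-boundary"
    n = len(boundary)
    if READ_BUFFER_SIZE - NEAR_BUFFER_MARGIN <= n < READ_BUFFER_SIZE:
        return "near-buffer"
    if n > RFC2046_MAX_BOUNDARY:
        return "oversized"
    return "ok"


def scan(records):
    """Return (request_id, label, boundary_length) for every flagged record."""
    findings = []
    for request_id, content_type in records:
        label = classify(content_type)
        if label in ("oversized", "near-buffer"):
            findings.append((request_id, label, len(boundary_of(content_type))))
    return findings


# Constructed sample records: (request id, Content-Type header value)
SAMPLE = [
    ("req-1", "multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW"),
    ("req-2", "application/json"),
    ("req-3", "multipart/form-data; boundary=" + "A" * 200),
    ("req-4", 'multipart/form-data; boundary="' + "B" * 4090 + '"'),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```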

See also :

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209669
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-8.html
http://www.nessus.org/u?1b2fba73
http://jvn.jp/en/jp/JVN89379547/index.html
http://www.nessus.org/u?b39f8ff6

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 91841

Bugtraq ID:

CVE ID: CVE-2016-3092
