CVE-2016-3092: High severity vulnerability that affects commons-fileupload:commons-fileupload
7.5
CVSS Score
3.0
Basic Information
CVE ID
GHSA ID
EPSS Score
0.97428%
CWE
Published
12/21/2018
Updated
12/17/2023
KEV Status
No
Technology
Java
Technical Details
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
commons-fileupload:commons-fileupload | maven | < 1.3.2 | 1.3.2 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The analysis is based on the patch provided for CVE-2016-3092, which modifies the findBytes
method in MultipartStream.java
to prevent the denial of service vulnerability. The function
is directly related to the processing of multipart requests and is the primary location where the vulnerability is fixed.