Miggo Logo
Miggo Vulnerability Database
CVE-2016-3092

CVE-2016-3092:
High severity vulnerability that affects commons-fileupload:commons-fileupload

7.5

CVSS Score
3.0

Basic Information

CVE ID
CVE-2016-3092
GHSA ID
GHSA-fvm3-cfvj-gxqq
EPSS Score
0.97428%
CWE
CWE-20
Published
12/21/2018
Updated
12/17/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
commons-fileupload:commons-fileuploadmaven< 1.3.21.3.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The analysis is based on the patch provided for CVE-2016-3092, which modifies the findBytes method in MultipartStream.java to prevent the denial of service vulnerability. The function is directly related to the processing of multipart requests and is the primary location where the vulnerability is fixed.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** Multip*rtStr**m *l*ss in *p**** *ommons *il*uplo** ***or* *.*.*, *s us** in *p**** Tom**t *.x ***or* *.*.**, *.x ***or* *.*.**, *.*.x ***or* *.*.*, *n* *.x ***or* *.*.*.M* *n* ot**r pro*u*ts, *llows r*mot* *tt**k*rs to **us* * **ni*l o* s*rvi** (

Reasoning

T** *n*lysis is **s** on t** p*t** provi*** *or *V*-****-****, w*i** mo*i*i*s t** `*in**yt*s` m*t*o* in `Multip*rtStr**m.j*v*` to pr*v*nt t** **ni*l o* s*rvi** vuln*r**ility. T** `*un*tion` is *ir**tly r*l*t** to t** pro**ssin* o* multip*rt r*qu*sts