Miggo Logo

CVE-2016-3092: High severity vulnerability that affects commons-fileupload:commons-fileupload

7.5

CVSS Score
3.0

Basic Information

EPSS Score
0.97428%
Published
12/21/2018
Updated
12/17/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
commons-fileupload:commons-fileuploadmaven< 1.3.21.3.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The analysis is based on the patch provided for CVE-2016-3092, which modifies the findBytes method in MultipartStream.java to prevent the denial of service vulnerability. The function is directly related to the processing of multipart requests and is the primary location where the vulnerability is fixed.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** Multip*rtStr**m *l*ss in *p**** *ommons *il*uplo** ***or* *.*.*, *s us** in *p**** Tom**t *.x ***or* *.*.**, *.x ***or* *.*.**, *.*.x ***or* *.*.*, *n* *.x ***or* *.*.*.M* *n* ot**r pro*u*ts, *llows r*mot* *tt**k*rs to **us* * **ni*l o* s*rvi** (

Reasoning

T** *n*lysis is **s** on t** p*t** provi*** *or *V*-****-****, w*i** mo*i*i*s t** `*in**yt*s` m*t*o* in `Multip*rtStr**m.j*v*` to pr*v*nt t** **ni*l o* s*rvi** vuln*r**ility. T** `*un*tion` is *ir**tly r*l*t** to t** pro**ssin* o* multip*rt r*qu*sts