CVE-2016-3092
- Source
- https://cve.org/CVERecord?id=CVE-2016-3092
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-3092.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-3092
- Aliases
- Downstream
- Related
- Published
- 2016-07-04T22:59:04.303Z
- Modified
- 2026-03-18T11:11:57.621707Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
- References
-
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html
- http://www.securitytracker.com/id/1036427
- http://www.securitytracker.com/id/1036900
- http://svn.apache.org/viewvc?view=revision&revision=1743480
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securitytracker.com/id/1037029
- https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759
- https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
- http://www.securitytracker.com/id/1039606
- http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121
- http://rhn.redhat.com/errata/RHSA-2016-2069.html
- http://tomcat.apache.org/security-8.html
- http://www.debian.org/security/2016/dsa-3614
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://svn.apache.org/viewvc?view=revision&revision=1743742
- http://www.debian.org/security/2016/dsa-3609
- http://www.ubuntu.com/usn/USN-3027-1
- https://access.redhat.com/errata/RHSA-2017:0456
- http://rhn.redhat.com/errata/RHSA-2016-2068.html
- http://rhn.redhat.com/errata/RHSA-2016-2070.html
- http://www.debian.org/security/2016/dsa-3611
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- https://access.redhat.com/errata/RHSA-2017:0455
- http://rhn.redhat.com/errata/RHSA-2016-2071.html
- http://rhn.redhat.com/errata/RHSA-2016-2808.html
- http://svn.apache.org/viewvc?view=revision&revision=1743738
- http://tomcat.apache.org/security-7.html
- http://www.ubuntu.com/usn/USN-3024-1
- http://rhn.redhat.com/errata/RHSA-2016-2807.html
- http://tomcat.apache.org/security-9.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.securityfocus.com/bid/91453
- http://rhn.redhat.com/errata/RHSA-2016-2072.html
- http://rhn.redhat.com/errata/RHSA-2016-2599.html
- http://rhn.redhat.com/errata/RHSA-2017-0457.html
- http://svn.apache.org/viewvc?view=revision&revision=1743722
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://jvn.jp/en/jp/JVN89379547/index.html
- https://security.gentoo.org/glsa/201705-09
- https://security.netapp.com/advisory/ntap-20190212-0001/
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://security.gentoo.org/glsa/202107-39
- https://bugzilla.redhat.com/show_bug.cgi?id=1349468
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371
- http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E
Affected packages
Git / github.com/apache/commons-fileupload
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/commons-fileupload
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "1.3.1" } ] }
- Type
- GIT
- Repo
- https://github.com/apache/tomcat
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "10.0" }, { "introduced": "0" }, { "last_affected": "9.0.0-milestone1" }, { "introduced": "0" }, { "last_affected": "9.0.0-milestone3" }, { "introduced": "0" }, { "last_affected": "9.0.0-milestone4" }, { "introduced": "0" }, { "last_affected": "9.0.0-milestone6" }, { "introduced": "0" }, { "last_affected": "8.5.0" }, { "introduced": "0" }, { "last_affected": "8.5.2" }, { "introduced": "0" }, { "last_affected": "7.0.0" }, { "introduced": "0" }, { "last_affected": "7.0.1" }, { "introduced": "0" }, { "last_affected": "7.0.2" }, { "introduced": "0" }, { "last_affected": "7.0.4" }, { "introduced": "0" }, { "last_affected": "7.0.5" }, { "introduced": "0" }, { "last_affected": "7.0.6" }, { "introduced": "0" }, { "last_affected": "7.0.8" }, { "introduced": "0" }, { "last_affected": "7.0.10" }, { "introduced": "0" }, { "last_affected": "7.0.11" }, { "introduced": "0" }, { "last_affected": "7.0.12" }, { "introduced": "0" }, { "last_affected": "7.0.14" }, { "introduced": "0" }, { "last_affected": "7.0.16" }, { "introduced": "0" }, { "last_affected": "7.0.19" }, { "introduced": "0" }, { "last_affected": "7.0.20" }, { "introduced": "0" }, { "last_affected": "7.0.21" }, { "introduced": "0" }, { "last_affected": "7.0.22" }, { "introduced": "0" }, { "last_affected": "7.0.23" }, { "introduced": "0" }, { "last_affected": "7.0.25" }, { "introduced": "0" }, { "last_affected": "7.0.26" }, { "introduced": "0" }, { "last_affected": "7.0.27" }, { "introduced": "0" }, { "last_affected": "7.0.28" }, { "introduced": "0" }, { "last_affected": "7.0.29" }, { "introduced": "0" }, { "last_affected": "7.0.30" }, { "introduced": "0" }, { "last_affected": "7.0.32" }, { "introduced": "0" }, { "last_affected": "7.0.33" }, { "introduced": "0" }, { "last_affected": "7.0.34" }, { "introduced": "0" }, { "last_affected": "7.0.35" }, { "introduced": "0" }, { "last_affected": "7.0.37" }, { "introduced": "0" }, { "last_affected": "7.0.39" }, { "introduced": "0" }, { "last_affected": "7.0.40" }, { "introduced": "0" }, { "last_affected": "7.0.41" }, { "introduced": "0" }, { "last_affected": "7.0.42" }, { "introduced": "0" }, { "last_affected": "7.0.47" }, { "introduced": "0" }, { "last_affected": "7.0.50" }, { "introduced": "0" }, { "last_affected": "7.0.52" }, { "introduced": "0" }, { "last_affected": "7.0.53" }, { "introduced": "0" }, { "last_affected": "7.0.54" }, { "introduced": "0" }, { "last_affected": "7.0.55" }, { "introduced": "0" }, { "last_affected": "7.0.56" }, { "introduced": "0" }, { "last_affected": "7.0.57" }, { "introduced": "0" }, { "last_affected": "7.0.59" }, { "introduced": "0" }, { "last_affected": "7.0.61" }, { "introduced": "0" }, { "last_affected": "7.0.62" }, { "introduced": "0" }, { "last_affected": "7.0.63" }, { "introduced": "0" }, { "last_affected": "7.0.64" }, { "introduced": "0" }, { "last_affected": "7.0.65" }, { "introduced": "0" }, { "last_affected": "7.0.67" }, { "introduced": "0" }, { "last_affected": "7.0.68" }, { "introduced": "0" }, { "last_affected": "7.0.69" } ] }
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-3092.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.0-rc1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.0-rc10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.0-rc2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.0-rc5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.14"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.15"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.17"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.18"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.21"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.22"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.23"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.24"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.26"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.27"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.28"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.29"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.30"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.32"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.33"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.35"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0.0-beta"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0.2-beta"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0.4-beta"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0.5-beta"
}
]
}
]