MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "tomcat7-examples": "7.0.52-1", "tomcat7-admin": "7.0.52-1", "tomcat7-user": "7.0.52-1", "libservlet3.0-java": "7.0.52-1", "libservlet3.0-java-doc": "7.0.52-1", "libtomcat7-java": "7.0.52-1", "tomcat7-docs": "7.0.52-1", "tomcat7": "7.0.52-1", "tomcat7-common": "7.0.52-1" } ] }