The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "tomcat7-examples": "7.0.52-1ubuntu0.6", "tomcat7-admin": "7.0.52-1ubuntu0.6", "tomcat7-user": "7.0.52-1ubuntu0.6", "libservlet3.0-java": "7.0.52-1ubuntu0.6", "libservlet3.0-java-doc": "7.0.52-1ubuntu0.6", "libtomcat7-java": "7.0.52-1ubuntu0.6", "tomcat7-docs": "7.0.52-1ubuntu0.6", "tomcat7": "7.0.52-1ubuntu0.6", "tomcat7-common": "7.0.52-1ubuntu0.6" } ] }
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "tomcat6-user": "6.0.39-1ubuntu0.1+esm1", "libtomcat6-java": "6.0.39-1ubuntu0.1+esm1", "tomcat6-examples": "6.0.39-1ubuntu0.1+esm1", "libservlet2.5-java": "6.0.39-1ubuntu0.1+esm1", "tomcat6-admin": "6.0.39-1ubuntu0.1+esm1", "tomcat6-extras": "6.0.39-1ubuntu0.1+esm1", "libservlet2.5-java-doc": "6.0.39-1ubuntu0.1+esm1", "libservlet2.4-java": "6.0.39-1ubuntu0.1+esm1", "tomcat6": "6.0.39-1ubuntu0.1+esm1", "tomcat6-common": "6.0.39-1ubuntu0.1+esm1", "tomcat6-docs": "6.0.39-1ubuntu0.1+esm1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "tomcat7-examples": "7.0.68-1ubuntu0.1", "tomcat7-admin": "7.0.68-1ubuntu0.1", "tomcat7-user": "7.0.68-1ubuntu0.1", "libservlet3.0-java": "7.0.68-1ubuntu0.1", "libservlet3.0-java-doc": "7.0.68-1ubuntu0.1", "libtomcat7-java": "7.0.68-1ubuntu0.1", "tomcat7-docs": "7.0.68-1ubuntu0.1", "tomcat7": "7.0.68-1ubuntu0.1", "tomcat7-common": "7.0.68-1ubuntu0.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "tomcat8-common": "8.0.32-1ubuntu1.1", "tomcat8-admin": "8.0.32-1ubuntu1.1", "tomcat8-user": "8.0.32-1ubuntu1.1", "libtomcat8-java": "8.0.32-1ubuntu1.1", "tomcat8": "8.0.32-1ubuntu1.1", "tomcat8-examples": "8.0.32-1ubuntu1.1", "libservlet3.1-java-doc": "8.0.32-1ubuntu1.1", "libservlet3.1-java": "8.0.32-1ubuntu1.1", "tomcat8-docs": "8.0.32-1ubuntu1.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "tomcat9": "9.0.16-3~18.04.1", "tomcat9-user": "9.0.16-3~18.04.1", "libtomcat9-embed-java": "9.0.16-3~18.04.1", "tomcat9-docs": "9.0.16-3~18.04.1", "libtomcat9-java": "9.0.16-3~18.04.1", "tomcat9-examples": "9.0.16-3~18.04.1", "tomcat9-common": "9.0.16-3~18.04.1", "tomcat9-admin": "9.0.16-3~18.04.1" } ] }