Skip to main content

Commons Fileupload

6 CVEs product

Monthly

CVE-2025-48976 Maven HIGH PATCH This Week

Apache Commons FileUpload contains a Denial of Service vulnerability in multipart header processing due to insufficient resource allocation limits (CWE-770). Affected versions are 1.0 through 1.5.x and 2.0.0-M1 through 2.0.0-M3. An unauthenticated remote attacker can exploit this with a network request to cause resource exhaustion and service unavailability without requiring user interaction or elevated privileges. CVSS 7.5 (High) reflects the high availability impact; KEV and EPSS data availability would determine exploitation likelihood in the wild.

Apache Denial Of Service Java Commons Fileupload Red Hat +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-24998 Maven HIGH PATCH This Week

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache File Upload Denial Of Service Commons Fileupload Debian Linux
NVD
CVSS 3.1
7.5
EPSS
46.8%
CVE-2016-1000031 Maven CRITICAL PATCH Act Now

Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 56.4%.

Apache RCE Authentication Bypass Commons Fileupload
NVD
CVSS 3.0
9.8
EPSS
56.4%
CVE-2016-3092 Maven HIGH PATCH Act Now

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.9%.

Tomcat Denial Of Service Apache Icewall Identity Manager Icewall Sso Agent Option +3
NVD
CVSS 3.0
7.5
EPSS
33.9%
CVE-2014-0050 Maven HIGH POC PATCH THREAT Act Now

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.7%.

Tomcat Denial Of Service Java Privilege Escalation Apache +2
NVD Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
92.7%
Threat
5.8
CVE-2013-0248 Maven LOW PATCH Monitor

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary. Rated low severity (CVSS 3.3).

Privilege Escalation Apache Commons Fileupload
NVD
CVSS 2.0
3.3
EPSS
0.1%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Apache Commons FileUpload contains a Denial of Service vulnerability in multipart header processing due to insufficient resource allocation limits (CWE-770). Affected versions are 1.0 through 1.5.x and 2.0.0-M1 through 2.0.0-M3. An unauthenticated remote attacker can exploit this with a network request to cause resource exhaustion and service unavailability without requiring user interaction or elevated privileges. CVSS 7.5 (High) reflects the high availability impact; KEV and EPSS data availability would determine exploitation likelihood in the wild.

Apache Denial Of Service Java +3
NVD GitHub
EPSS 47% CVSS 7.5
HIGH PATCH This Week

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache File Upload Denial Of Service +2
NVD
EPSS 56% CVSS 9.8
CRITICAL PATCH Act Now

Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 56.4%.

Apache RCE Authentication Bypass +1
NVD
EPSS 34% CVSS 7.5
HIGH PATCH Act Now

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.9%.

Tomcat Denial Of Service Apache +5
NVD
EPSS 93% 5.8 CVSS 7.5
HIGH POC PATCH THREAT Act Now

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.7%.

Tomcat Denial Of Service Java +4
NVD Exploit-DB VulDB
EPSS 0% CVSS 3.3
LOW PATCH Monitor

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary. Rated low severity (CVSS 3.3).

Privilege Escalation Apache Commons Fileupload
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy