CVE-2014-0050: Denial of service
MultipartStream.java in this package allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop’s intended exit conditions.
References
- blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html
- mail-archives.apache.org/mod_mbox/www-announce/201402.mbox/%3C52F373FC.9030907@apache.org%3E
- struts.apache.org/docs/s2-020.html
- svn.apache.org/viewvc?view=revision&revision=1565143
- web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050