1 Reply Latest reply on Sep 30, 2015 11:58 AM by ctomc

    jboss-as-7.1.1.Final CVE-2014-0050 apache-commons-fileupload: denial of service

    padivi1

      Thank you for taking the time to read my post. If the solution to this was already discussed in the forums, please point me in the right direction.

      jboss-as-7.1.1.Final is affected by "CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream", and this bug is recorded in the Red Hat Bugzilla with the bug number 1062337 (Bug 1062337 – CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartS…). Please let me know what patch can be applied to jboss-as-7.1.1.Final in order to fix this bug and what the best way of applying the patch would be.

        • 1. Re: jboss-as-7.1.1.Final CVE-2014-0050 apache-commons-fileupload: denial of service
          ctomc

          You will need to upgrade to a newer community version of JBoss AS, which isn't affected by this CVE.

          JBoss AS was renamed to WildFly after version 7, so grab any 8 or newer version and you should be fine; you can grab it at http://wildfly.org/downloads/

          The links you sent apply to JBoss EAP, Red Hat's commercially supported version of the application server, and not directly to community versions.

          The community codebase is fixed as well, but fixes are available as part of new versions.

          Basically, think of new community releases as cumulative security updates that get all fixes as well as new features.