Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN375

_____________________________________________________________________

DATE                : 19/06/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Commons FileUpload
                     versions prior to 1.6, 2.0.0-M4.

=====================================================================
https://lists.apache.org/thread/w91s0vwxglktn6mzyd6mfznxspyytd2g
_____________________________________________________________________

CVE-2025-48976: Apache Commons FileUpload: DoS via part headers
Severity: important

Affected versions:

- Apache Commons FileUpload (commons-fileupload:commons-fileupload)
1.0 before 1.6
- Apache Commons FileUpload (org.apache.commons:commons-fileupload2) 
2.0.0-M1 before 2.0.0-M4


Description:

Allocation of resources for multipart headers with insufficient
limits enabled a DoS vulnerability in Apache Commons FileUpload.

This issue affects Apache Commons FileUpload: from 1.0 before 1.6;
from 2.0.0-M1 before 2.0.0-M4.

Users are recommended to upgrade to versions 1.6 or 2.0.0-M4,
which fix the issue.


Credit:

TERASOLUNA Framework Security Team of NTT DATA Group Corporation
(finder)


References:

https://commons.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-48976

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================