Bug 1065228 - CVE-2014-0050 in EAP
Summary: CVE-2014-0050 in EAP
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Web
Version: 6.2.0
Hardware: All
OS: All
Target Milestone: ---
Assignee: Rémy Maucherat
QA Contact: Radim Hatlapatka
Russell Dickenson
Depends On:
Reported: 2014-02-14 07:31 UTC by Michal P
Modified: 2014-02-14 16:47 UTC (History)

Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2014-02-14 16:47:16 UTC
Type: Bug

Attachments
CPU usage (deleted)
2014-02-14 07:31 UTC, Michal P

System ID Priority Status Summary Last Updated
Red Hat Bugzilla 1062337 None None None Never

Description Michal P 2014-02-14 07:31:16 UTC
Created attachment 863132
CPU usage

Description of problem: provide a fix for CVE-2014-0050 (link provided) in EAP 6.2.x branch. 

How reproducible: always

Steps to Reproduce:
1. Find a servlet with file upload capability
2. Run the attack against it

Actual results: server stuck in infinite loop. One request takes 100% core usage. 
Expected results: web component parses the request and returns to user code

Additional info: since I can't browse security bugs, feel free to close this bug if it's a duplicate.

Comment 1 Vincent Danen 2014-02-14 16:47:16 UTC
This is indeed a duplicate of bug #1062337 which you should be able to view (it's not a private bug).

*** This bug has been marked as a duplicate of bug 1062337 ***
