Sid 1-39908

Message

SERVER-APACHE Apache Tomcat Commons FileUpload library denial of service attempt

Summary

This event is generated when a denial of service attempt is made against the Apache Tomcat Commons FileUpload library.

Impact

Detection of a Denial of Service Attack

CVE-2016-3092:

CVSS base score 7.5

CVSS impact score 3.6

CVSS exploitability score 3.9

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Detailed information

CVE-2016-3092: The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

Affected systems

  • apache commons_fileupload 1.3.1
  • apache tomcat 7.0.0
  • apache tomcat 7.0.1
  • apache tomcat 7.0.2
  • apache tomcat 7.0.4
  • apache tomcat 7.0.5
  • apache tomcat 7.0.6
  • apache tomcat 7.0.8
  • apache tomcat 7.0.10
  • apache tomcat 7.0.11
  • apache tomcat 7.0.12
  • apache tomcat 7.0.14
  • apache tomcat 7.0.16
  • apache tomcat 7.0.19
  • apache tomcat 7.0.20
  • apache tomcat 7.0.21
  • apache tomcat 7.0.22
  • apache tomcat 7.0.23
  • apache tomcat 7.0.25
  • apache tomcat 7.0.26
  • apache tomcat 7.0.27
  • apache tomcat 7.0.28
  • apache tomcat 7.0.29
  • apache tomcat 7.0.30
  • apache tomcat 7.0.32
  • apache tomcat 7.0.33
  • apache tomcat 7.0.34
  • apache tomcat 7.0.35
  • apache tomcat 7.0.37
  • apache tomcat 7.0.39
  • apache tomcat 7.0.40
  • apache tomcat 7.0.41
  • apache tomcat 7.0.42
  • apache tomcat 7.0.47
  • apache tomcat 7.0.50
  • apache tomcat 7.0.52
  • apache tomcat 7.0.53
  • apache tomcat 7.0.54
  • apache tomcat 7.0.55
  • apache tomcat 7.0.56
  • apache tomcat 7.0.57
  • apache tomcat 7.0.59
  • apache tomcat 7.0.61
  • apache tomcat 7.0.62
  • apache tomcat 7.0.63
  • apache tomcat 7.0.64
  • apache tomcat 7.0.65
  • apache tomcat 7.0.67
  • apache tomcat 7.0.68
  • apache tomcat 7.0.69
  • apache tomcat 8.0.0
  • apache tomcat 8.0.1
  • apache tomcat 8.0.3
  • apache tomcat 8.0.5
  • apache tomcat 8.0.8
  • apache tomcat 8.0.11
  • apache tomcat 8.0.12
  • apache tomcat 8.0.14
  • apache tomcat 8.0.15
  • apache tomcat 8.0.17
  • apache tomcat 8.0.18
  • apache tomcat 8.0.20
  • apache tomcat 8.0.21
  • apache tomcat 8.0.22
  • apache tomcat 8.0.23
  • apache tomcat 8.0.24
  • apache tomcat 8.0.26
  • apache tomcat 8.0.27
  • apache tomcat 8.0.28
  • apache tomcat 8.0.29
  • apache tomcat 8.0.30
  • apache tomcat 8.0.32
  • apache tomcat 8.0.33
  • apache tomcat 8.0.35
  • apache tomcat 8.5.0
  • apache tomcat 8.5.2
  • apache tomcat 9.0.0
  • hp icewallidentitymanager 5.0
  • hp icewallssoagent_option 10.0
  • canonical ubuntu_linux 12.04
  • canonical ubuntu_linux 14.04
  • canonical ubuntu_linux 15.10
  • canonical ubuntu_linux 16.04
  • debian debian_linux 8.0

Ease of attack

CVE-2016-3092:

Access Vector

Access Complexity

Authentication

False positives

None Known

False negatives

None Known

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References