CVE-2014-0050

This exploit targets CVE-2014-0050, a DoS vulnerability in Apache Commons FileUpload and Apache Tomcat. It sends malformed multipart/form-data requests with oversized headers to trigger resource exhaustion.

This repository contains a proof-of-concept exploit for CVE-2014-0050, a denial-of-service (DoS) vulnerability in Apache Commons FileUpload and Apache Tomcat. The exploit leverages a malformed multipart boundary to trigger excessive CPU usage on the target server.

This repository contains the vulnerable source code of Apache Commons FileUpload (version affected by CVE-2014-0050), which is a denial-of-service (DoS) vulnerability caused by inefficient handling of multipart form data. The code includes deprecated classes like `DefaultFileItem` and `DefaultFileItemFactory`, which are part of the vulnerable implementation.

This repository contains the vulnerable source code of Apache Commons FileUpload (version affected by CVE-2014-0050), specifically the deprecated `DefaultFileItem` and `DefaultFileItemFactory` classes. It serves as a reference for analyzing the vulnerability but does not include an exploit or PoC.

This Metasploit module exploits a DoS vulnerability in Apache Commons FileUpload (1.0-1.3) and Apache Tomcat (7.0.0-7.0.50, 8.0.0-RC1-8.0.1) by sending a crafted Content-Type header with an excessively long boundary, triggering an infinite loop.