oss-sec mailing list archives

Re: CVE Split: CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS

From: Arun Neelicattu <abn () redhat com>
Date: Mon, 17 Feb 2014 04:12:07 -0500 (EST)

Hi,

Checking to see if there has been a decision regarding this? Will there be a split?

-arun

----- Original Message -----

From: "Arun Neelicattu" <abn () redhat com>
To: oss-security () lists openwall com
Cc: cve-assign () mitre org
Sent: Friday, February 7, 2014 11:09:49 AM
Subject: [oss-security] CVE Split: CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS

Hi,

CVE-2014-0050 was assigned to a flaw that affects both Apache Commons
FileUpload and Apache Tomcat DoS [1].

Although Commons FileUpload and Tomcat are affected by this flaw and the
vulnerable classes share the same ancestry, the code bases for them have
been maintained in separate source trees for a long while now.

Can this CVE be split?

-arun

[1] http://seclists.org/fulldisclosure/2014/Feb/41

--
Arun Neelicattu / Red Hat Security Response Team
PGP: 0xC244393B 5229 F596 474F 00A1 E416  CF8B 36F5 5054 C244 393B

Current thread:

CVE Split: CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS Arun Neelicattu (Feb 06)
- Re: CVE Split: CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS Arun Neelicattu (Feb 17)
- Re: CVE Split: CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS cve-assign (Mar 28)