Thanks Chuck. We are not using Apache Commons FileUpload or Tomcat's
implementation of FileUpload.
> From: Aditi Sinha [mailto:adisinha0...@gmail.com]
> Subject: Need info on CVE-2014-0050
> We are using Tomcat 7.0.40 as web server.
> How can we confirm if our application is vulnerable or not to CVE-2014-0050?
Read the relevant security pages:
http://tomcat.apache.org/security
Hi,
We are using Tomcat 7.0.40 as web server. It deploys a REST based(Jersey)
web application where few requests are multipart requests. These requests
accept byte array input.
We tried to reproduce this vulnerability by sending more than 4091
characters in the boundary field. The request failed
