nvd-json-data-feeds/CVE-2020/CVE-2020-131xx/CVE-2020-13128.json

{
  "id": "CVE-2020-13128",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2020-05-18T00:15:11.547",
  "lastModified": "2020-05-19T15:00:47.637",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServlet.java (the servlet for handling file upload) accepts a delay parameter that causes a thread to sleep. It can be abused to cause all of a server's threads to sleep, leading to denial of service."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Manolo GWTUpload versi\u00f3n 1.0.3. El archivo server/UploadServlet.java (el servlet para manejar la carga de archivos) acepta un par\u00e1metro delay que causa que un subproceso (hilo) se suspenda. Esto puede ser abusado para causar que todos los subprocesos (hilos) de un servidor se suspendan, conllevando a una denegaci\u00f3n de servicio."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gwtupload_project:gwtupload:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83DF83B6-87E9-4C19-8616-59B0CE2A0364"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/manolo/gwtupload/issues/33",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://logicaltrust.net/blog/2020/02/gwt-upload.html",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}