Uploaded image for project: 'Wicket'
  1. Wicket
  2. WICKET-7085

Security Vulnerability - Action Required: “Improper Input Validation” vulnerability in some versions of org.apache.wicket:wicket-util



    • Bug
    • Status: Resolved
    • Major
    • Resolution: Won't Fix
    • 1.5.12, 6.15.0, 6.16.0, 6.17.0, 6.18.0, 1.5.13, 6.19.0, 6.20.0, 1.5.14, 6.21.0, 6.22.0, 6.23.0, 1.5.15
    • None
    • wicket
    • None


      I think the method org.apache.wicket.util.upload.MultipartFormInputStream.<init>(InputStream input, byte[] boundary, int bufSize, ProgressNotifier pNotifier) may have an “Improper Input Validation”vulnerability which is vulnerable in org.apache.wicket:wicket-util in the versions of 1.5.12-1.5.15,6.15.0-6.23.0. It shares similarities to a recent CVE disclosure CVE-2016-3092 in the project "apache/commons-fileupload" project.

      The source vulnerability information is as follows: 

      Vulnerability Detail:

      CVE Identifier: CVE-2016-3092

      Description: The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

      Reference: https://nvd.nist.gov/vuln/detail/CVE-2016-3092

      Patch: https://github.com/apache/commons-fileupload/commit/774ef160d591b579f703c694002e080f99bcd28b
      Vulnerability Description: 

          In the vulnerable code, if the boundary string is null, an IllegalArgumentException is thrown. The code then initializes various variables, including the input stream, buffer, and boundary string. However, it fails to adequately check the size of the buffer. If the buffer size is smaller than the length of the boundary string plus 1, an IllegalArgumentException is thrown. This allows an attacker to provide an excessively long boundary string, causing a buffer overflow and resulting in denial-of-service by consuming CPU resources.
          Considering the potential risks it may have, I am willing to cooperate with you to verify, address, and report the identified vulnerability promptly through responsible means. If you require any further information or assistance, please do not hesitate to reach out to me. Thank you and look forward to hearing from you soon.




            Unassigned Unassigned
            crispy-fried-chicken Yiheng Cao
            0 Vote for this issue
            2 Start watching this issue