Apache Tomcat Permissions Privileges and Access Controls Vulnerability - CVE-2014-0050
MultipartStream.java in Apache Commons FileUpload before 1.3.1 as used in Apache Tomcat JBoss Web and other products allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop39s intended exit conditions.