CVE-2013-0248
published 2013-03-15CVE-2013-0248: The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which…
low3.3CVSS 3.1
AVLACMAuNCNIPAP
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | commons_fileupload | — | — |
| apache | commons_fileupload | — | — |
| apache | commons_fileupload | — | — |
| apache | commons_fileupload | — | — |
| apache | commons_fileupload | — | — |
| apache | commons_fileupload | — | — |
| debian | libcommons-fileupload-java | < libcommons-fileupload-java 1.3-1 (bookworm) | libcommons-fileupload-java 1.3-1 (bookworm) |
CVSS provenance
nvd3.3LOWAV:L/AC:M/Au:N/C:N/I:P/A:P
osv3.3LOW