Severity
3.3 LOW
EPSS
0.1%
top 79.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Mar 15
Latest update May 5

Description

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.

CVSS vector

AV:L/AC:M/C:N/I:P/A:P
Exploitability: 3.4 | Impact: 4.9

Affected Packages: 3 packages

🔴Vulnerability Details

4
OSV
Incorrect Default Permissions in Apache Commons FileUpload (2022-05-05)
GHSA
Incorrect Default Permissions in Apache Commons FileUpload (2022-05-05)
OSV
CVE-2013-0248: The default configuration of javax (2013-03-15)
CVEList
CVE-2013-0248: The default configuration of javax (2013-03-15)

📋Vendor Advisories

2
Red Hat
apache-commons-fileupload: /tmp directory used by default for uploaded files (possibility to overwrite arbitrary files) (2013-03-06)
Debian
CVE-2013-0248: libcommons-fileupload-java - The default configuration of javax.servlet.context.tempdir in Apache Commons Fil... (2013)

💬Community

2
Bugzilla
CVE-2013-0248 jakarta-commons-fileupload, apache-commons-fileupload: /tmp directory used by default for uploaded files (possibility to overwrite arbitrary files) [fedora-all] (2013-03-15)
Bugzilla
CVE-2013-0248 apache-commons-fileupload: /tmp directory used by default for uploaded files (possibility to overwrite arbitrary files) (2013-03-15)