CVE-2013-2186
Published: 2013-10-28
Severity: high (7.5, CVSS 3.1)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | <= 7.0.39 | — |
| debian | libcommons-fileupload-java | < libcommons-fileupload-java 1.3-2.1 (bookworm) | libcommons-fileupload-java 1.3-2.1 (bookworm) |
| jenkins | certain_pages_in_monitoring_plugin | — | — |
| jenkins | jenkins_core | — | — |
| jenkins | monitoring_plugin | — | — |
| jenkins | user_of_monitoring_plugin | — | — |
| redhat | jboss_enterprise_application_platform | — | — |
| redhat | jboss_enterprise_brms_platform | — | — |
| redhat | jboss_enterprise_portal_platform | — | — |
| redhat | jboss_enterprise_portal_platform | — | — |
| redhat | jboss_enterprise_portal_platform | — | — |
| redhat | jboss_enterprise_web_server | — | — |
| redhat | openshift | <= 3.1 | — |
| ubuntu | ubuntu | — | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| ghsa | 7.5 | HIGH | — |
| osv | 7.5 | HIGH | — |