CVE-2016-1000031 — Improper Access Control in Apache Commons Fileupload

CWE-284 — Improper Access Control CWE-502 — Deserialization of Untrusted Data17 documents10 sources

Severity

9.8CRITICALNVD

EPSS

50.1%

top 2.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Commons Fileupload

Timeline

PublishedOct 25

Latest updateOct 15

Description

Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDapache/commons_fileupload1.3.2

🔴Vulnerability Details

OSV

Improper Access Control in commons-fileupload↗2018-12-21

▶

GHSA

Improper Access Control in commons-fileupload↗2018-12-21

▶

CVEList

CVE-2016-1000031: Apache Commons FileUpload before 1↗2016-10-25

▶

OSV

CVE-2016-1000031: Apache Commons FileUpload before 1↗2016-10-25

▶

📋Vendor Advisories

Oracle

Oracle Oracle Insurance Applications Risk Matrix: Development tools (Apache Commons FileUpload) — CVE-2016-1000031↗2021-10-15

▶

Oracle

Oracle Oracle Enterprise Manager Risk Matrix: Reporting Framework (Apache Commons FileUpload) — CVE-2016-1000031↗2021-01-15

▶

Oracle

Oracle Oracle REST Data Services Risk Matrix: General (Apache Commons FileUpload) — CVE-2016-1000031↗2020-10-15

▶

Oracle

Oracle Oracle Database Server Risk Matrix: MapViewer (Apache Commons FileUpload) — CVE-2016-1000031↗2020-07-15

▶

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: BI Platform Security (Apache Commons FileUpload) — CVE-2016-1000031↗2020-04-15

▶

🕵️Threat Intelligence

Tenable

Apache Struts Patches Remote Code Execution Vulnerability in FileUpload Library (CVE-2016-1000031)↗2018-11-05

▶

💬Community

Bugzilla

CVE-2016-1000031 Apache Commons FileUpload: DiskFileItem file manipulation↗2016-11-09

▶