CVE-2013-2186

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.

Configurations

Configuration 1

OR
cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp07:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*

Configuration 2

cpe:2.3:o:ubuntu:ubuntu:10.04:*:lts:*:*:*:*:*

History

No history.

Information

Published : 2013-10-28 21:55

Updated : 2024-02-28 12:00


NVD link : CVE-2013-2186

Mitre link : CVE-2013-2186

CVE.ORG link : CVE-2013-2186


Products Affected

redhat

  • jboss_enterprise_brms_platform
  • jboss_enterprise_portal_platform
  • jboss_enterprise_web_server
  • openshift

ubuntu

  • ubuntu

CWE

CWE-20: Improper Input Validation