CVE-2013-0248

Published: 15/03/2013 Updated: 17/07/2021
CVSS v2 Base Score: 3.3 | Impact Score: 4.9 | Exploitability Score: 3.4
VMScore: 295
Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Summary

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 up to and including 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.

Vulnerable Product

apache commons fileupload 1.0

apache commons fileupload 1.1

apache commons fileupload 1.1.1

apache commons fileupload 1.2

apache commons fileupload 1.2.1

apache commons fileupload 1.2.2

Github Repositories

Version based search for vulnerabilities in Jar files, using victims-cve-db database.

Victims CVE Database Version Search

This script allows searching for vulnerabilities associated with specific versions of Java archives (jar files) using the database provided by victims-cve-db.

For each jar file the version information is retrieved:

Using Maven manifest (pom.xml), if it does exist within jar
Using version included into filename and filename as artifactId
Using

Table of Contents

Intro
Role - Info Security Engineer
Use Case - Policy Management
Use Case - Compliance Reporting and Remediation
Use Case - Create a new policy
Use Case - Vulnerability Management
Use Case - Report generation of the vulnerabilities
Use Case - Runtime violations
Use Case - Risk Profiling
Use Case - Add a custom policy based on Risk Identified
Use Case - Glob