CVE-2013-2186

Published: 28/10/2013 Updated: 09/01/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote malicious users to write to arbitrary files via a NULL byte in a file name in a serialized instance.

Vulnerability Trend

Vulnerable Products

redhat jboss enterprise brms platform 5.3.1

redhat jboss enterprise web server 1.0.2

redhat jboss enterprise portal platform 6.0.0

redhat openshift

redhat jboss enterprise portal platform 5.2.2

redhat jboss enterprise portal platform 4.3.0

ubuntu ubuntu 10.04

Vendor Advisories

Synopsis Important: jakarta-commons-fileupload security update Type/Severity Security Advisory: Important Topic An updated jakarta-commons-fileupload package that fixes one security issue is now available for Red Hat JBoss Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Tea ...
Apache Commons FileUpload could be made to overwrite files ...
Debian Bug report logs - #726601 libcommons-fileupload-java: CVE-2013-2186 Package: libcommons-fileupload-java; Maintainer for libcommons-fileupload-java is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for libcommons-fileupload-java is src:libcommons-fileupload-java (PTS, buildd, popcon) Rep ...
Debian Bug report logs - #763899 jenkins: multiple security vulnerabilities Package: jenkins; Maintainer for jenkins is (unknown); Reported by: Nobuhiro Ban <bannobuhiro@gmail.com> Date: Fri, 3 Oct 2014 15:03:02 UTC Severity: grave Tags: security Found in version jenkins/1.565.2-2 Fixed in version jenkins/1.565.3-1 Don ...
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance ...

Github Repositories

Version based search for vulnerabilities in Jar files, using victims-cve-db database.

Victims CVE Database Version Search This script allows searching for vulnerabilities associated with specific versions of Java archives (jar files) using the database provided by victims-cve-db. For each jar file the version information is retrieved: using the Maven manifest (pom.xml), if it exists within the jar; using the version included in the filename and the filename as artifactId; using ...

Vul4J: A Dataset of Reproducible Java Vulnerabilities

Introduction Vul4J is a dataset of real-world Java vulnerabilities. Each vulnerability in the dataset is provided along with a human patch, Proof-of-Vulnerability (PoV) test case(s), and other information for the reproduction of the vulnerability. In this repository, we host the Vul4J dataset, the support framework that allows performing several common tasks required by APR too ...

Payload generator for Java Binary Deserialization attack with Commons FileUpload (CVE-2013-2186)

ACEDcup ACEDcup tool is a payload generator for Java Binary Deserialization attack (ACED) for Apache Commons FileUpload ver <= 1.3 (CVE-2013-2186) and Oracle JDK ver < 7u40. The attack works even for newer versions of the lib or Java. We can upload any content in any directory, but we cannot control a file name (smth like upload_f71d3547_72ed_4ae1_90fe_0d319115cd42 ...

Source code for CVE-2013-2186

CVE_2013_2186 Source code for CVE-2013-2186

Code generate payload for CVE-2013-2186

Payload_CVE_2013_2186 Code generate payload for CVE-2013-2186