CVE-2013-2186

NONE
Published Oct 28, 2013 (12y ago) · Modified Jun 16, 2026 (2w ago)

Description

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-20 Improper Input Validation

Affected Products 7

Vendor   Product                            Version   Range
redhat   jboss_enterprise_brms_platform     5.3.1     any
redhat   jboss_enterprise_portal_platform   4.3.0     any
redhat   jboss_enterprise_portal_platform   5.2.2     any
redhat   jboss_enterprise_portal_platform   6.0.0     any
redhat   jboss_enterprise_web_server        1.0.2     any
redhat   openshift                          *         ≤3.1
ubuntu   ubuntu                             10.04     any

References 19

  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2013-1428.html
    Vendor Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2013-1429.html
    Vendor Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2013-1430.html
    Vendor Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2013-1442.html
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2013-1448.html
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/55716
  • ubuntu.com http://ubuntu.com/usn/usn-2029-1
  • debian.org http://www.debian.org/security/2013/dsa-2827
  • oracle.com http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
  • oracle.com http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
  • oracle.com http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
  • securityfocus.com http://www.securityfocus.com/bid/63174
  • access.redhat.com https://access.redhat.com/errata/RHSA-2016:0070
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/88133
  • wiki.jenkins-ci.org https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
  • tenable.com https://www.tenable.com/security/research/tra-2016-23

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.