CVE-2013-2186
Published Oct 28, 2013 (12y ago) · Last Modified Jun 16, 2026 (2w ago)
Description
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-20 Improper Input Validation
Affected Products 7
References 19
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2013-1428.html
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2013-1429.html
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2013-1430.html
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2013-1442.html
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2013-1448.html
- secunia.com http://secunia.com/advisories/55716
- ubuntu.com http://ubuntu.com/usn/usn-2029-1
- debian.org http://www.debian.org/security/2013/dsa-2827
- oracle.com http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- oracle.com http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- oracle.com http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- securityfocus.com http://www.securityfocus.com/bid/63174
- access.redhat.com https://access.redhat.com/errata/RHSA-2016:0070
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/88133
- wiki.jenkins-ci.org https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
- tenable.com https://www.tenable.com/security/research/tra-2016-23
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.