CVE-2013-2186

Source
https://nvd.nist.gov/vuln/detail/CVE-2013-2186
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2013-2186.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2013-2186
Aliases
Related
Published
2013-10-28T21:55:05Z
Modified
2024-09-18T01:00:21Z
Summary
[none]
Details

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.

References

Affected packages

Debian:11 / libcommons-fileupload-java

Package

Name
libcommons-fileupload-java
Purl
pkg:deb/debian/libcommons-fileupload-java?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libcommons-fileupload-java

Package

Name
libcommons-fileupload-java
Purl
pkg:deb/debian/libcommons-fileupload-java?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libcommons-fileupload-java

Package

Name
libcommons-fileupload-java
Purl
pkg:deb/debian/libcommons-fileupload-java?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}