Arbitrary File Write Affecting commons-fileupload:commons-fileupload Open this link in a new tab package, versions [,1.3.1)
Attack Complexity
Low
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications-
snyk-id
SNYK-JAVA-COMMONSFILEUPLOAD-30080
-
published
16 Jun 2013
-
disclosed
16 Jun 2013
-
credit
Unknown
Introduced: 16 Jun 2013
CVE-2013-2186 Open this link in a new tabOverview
commons-fileupload:commons-fileupload
Affected versions of this package are vulnerable to Arbitrary File Write.
Details
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.