CVE-2013-2186

Current Description

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.

Referenced by CVEs: CVE-2013-2185

Basic Data

Published: October 28, 2013
Last Modified: January 09, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-20
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1

    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Range (Start Incl. / End Incl. / Start Excl. / End Excl.) |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Redhat | Jboss Enterprise Brms Platform | 5.3.1 | * | * | * | * | * | * | * | |
    | 2.3 | Application | Redhat | Jboss Enterprise Portal Platform | 4.3.0 | cp07 | * | * | * | * | * | * | |
    | 2.3 | Application | Redhat | Jboss Enterprise Portal Platform | 5.2.2 | * | * | * | * | * | * | * | |
    | 2.3 | Application | Redhat | Jboss Enterprise Portal Platform | 6.0.0 | * | * | * | * | * | * | * | |
    | 2.3 | Application | Redhat | Jboss Enterprise Web Server | 1.0.2 | * | * | * | * | * | * | * | |
    | 2.3 | Application | Redhat | Openshift | * | * | * | * | enterprise | * | * | * | 3.1 |

  • OR - Configuration 2

    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Range (Start Incl. / End Incl. / Start Excl. / End Excl.) |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | OS | Ubuntu | Ubuntu | 10.04 | * | lts | * | * | * | * | * | |

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Redhat | Jboss Enterprise Web Server | 1.0.2 |
| Redhat | Jboss Enterprise Portal Platform | 4.3.0, 5.2.2, 6.0.0 |
| Redhat | Openshift | * |
| Redhat | Jboss Enterprise Brms Platform | 5.3.1 |
| Ubuntu | Ubuntu | 10.04 |

References

| Name | URL | Source | Tags |
|---|---|---|---|
| SUSE-SU-2013:1660 | http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html | SUSE | |
| openSUSE-SU-2013:1571 | http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html | SUSE | |
| openSUSE-SU-2013:1596 | http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html | SUSE | |
| RHSA-2013:1428 | http://rhn.redhat.com/errata/RHSA-2013-1428.html | REDHAT | Vendor Advisory |
| RHSA-2013:1429 | http://rhn.redhat.com/errata/RHSA-2013-1429.html | REDHAT | Vendor Advisory |
| RHSA-2013:1430 | http://rhn.redhat.com/errata/RHSA-2013-1430.html | REDHAT | Vendor Advisory |
| RHSA-2013:1442 | http://rhn.redhat.com/errata/RHSA-2013-1442.html | REDHAT | |
| RHSA-2013:1448 | http://rhn.redhat.com/errata/RHSA-2013-1448.html | REDHAT | Vendor Advisory |
| 55716 | http://secunia.com/advisories/55716 | SECUNIA | |
| USN-2029-1 | http://ubuntu.com/usn/usn-2029-1 | UBUNTU | |
| DSA-2827 | http://www.debian.org/security/2013/dsa-2827 | DEBIAN | |
| http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM | |
| http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM | |
| http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM | |
| 63174 | http://www.securityfocus.com/bid/63174 | BID | |
| RHSA-2016:0070 | https://access.redhat.com/errata/RHSA-2016:0070 | REDHAT | |
| apache-commons-cve20132186-file-overrwite(88133) | https://exchange.xforce.ibmcloud.com/vulnerabilities/88133 | XF | |
| https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 | https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 | CONFIRM | |
| https://www.tenable.com/security/research/tra-2016-23 | https://www.tenable.com/security/research/tra-2016-23 | MISC | |