Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-2186

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.

Related bugs and status

CVE-2013-2186 (Candidate) is related to these bugs:

Bug #1253847: Sync libcommons-fileupload-java 1.3-2.1 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	1253847	Sync libcommons-fileupload-java 1.3-2.1 (universe) from Debian unstable (main)		libcommons-fileupload-java (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://www.tenable.co...
MISC: http://secunia.com/adv...
MISC: http://www.securityfoc...
MISC: http://www.debian.org/...
MISC: http://rhn.redhat.com/...
MISC: http://rhn.redhat.com/...
MISC: http://rhn.redhat.com/...
MISC: http://rhn.redhat.com/...
MISC: http://rhn.redhat.com/...
MISC: https://access.redhat....
MISC: http://lists.opensuse....
MISC: http://ubuntu.com/usn/...
MISC: https://exchange.xforc...
MISC: http://www.oracle.com/...
MISC: http://www.oracle.com/...
MISC: http://www.oracle.com/...
MISC: https://wiki.jenkins-c...
MISC: http://lists.opensuse....
MISC: http://lists.opensuse....