Showing 1 - 3 of 3

CVE-2013-0248

Status Candidate

Overview

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.

Related Files

Gentoo Linux Security Advisory 202107-39: Posted Jul 19, 2021; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202107-39 - Multiple vulnerabilities have been found in Apache Commons FileUpload, the worst of which could result in a Denial of Service condition. Versions 1.3 and below are affected.; tags | advisory, denial of service, vulnerability; systems | linux, gentoo; advisories | CVE-2013-0248, CVE-2014-0050, CVE-2016-3092; SHA-256 | da595f1d67dc8debc118a5489d2f92bcd08094c94d4ee86e23b7c49ce74d1621; Download | Favorite | View

HP Security Bulletin HPSBMU03409 1: Posted Aug 26, 2015; Authored by HP | Site hp.com; HP Security Bulletin HPSBMU03409 1 - Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information. Revision 1 of this advisory.; tags | advisory, vulnerability; advisories | CVE-2010-5107, CVE-2013-0248, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231, CVE-2014-1692, CVE-2014-3523, CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8142, CVE-2014-8275, CVE-2014-9427, CVE-2014-9652, CVE-2014-9653, CVE-2014-9705, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0207, CVE-2015-0208, CVE-2015-0209, CVE-2015-0231, CVE-2015-0232, CVE-2015-0273, CVE-2015-0285, CVE-2015-0286; SHA-256 | ed1893104d8e7dcdd770c7c2dd6eea29fcb783bd67155f6d99ab3d07423260e5; Download | Favorite | View

Apache Commons FileUpload 1.2.2 Insecure /tmp Usage: Posted Mar 7, 2013; Authored by Hugo Vazquez Carames, Karl Dyszynski; Apache Commons FileUpload provides file upload capability for Servlets and web applications. During the upload process, FileUpload may (depending on configuration) save the uploaded file temporarily on disk. By default this will be in the system wide tmp directory. Because the temporary files have predictable file names and are stored in a publicly writeable location they are vulnerable to a TOCTOU attack. Versions 1.0 through 1.2.2 are affected.; tags | advisory, web, file upload; advisories | CVE-2013-0248; SHA-256 | aef9320b83ebe6ba6979332985d9a5aff8a232ccdbb3dd487e7f6d3b242f6f7a; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 247 files
Ubuntu 88 files
indoushka 49 files
Jasper Nota 25 files
Willem Westerhof 19 files
Gentoo 11 files
Jim Blankendaal 11 files
Debian 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,085)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,603)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,440)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,724)
UNIX (9,433)
UnixWare (187)
Windows (6,668)
Other

CVE-2013-0248

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems