Showing 1 - 3 of 3

CVE-2013-0248

Status Candidate

Overview

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.

Related Files

Gentoo Linux Security Advisory 202107-39: Posted Jul 19, 2021; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202107-39 - Multiple vulnerabilities have been found in Apache Commons FileUpload, the worst of which could result in a Denial of Service condition. Versions 1.3 and below are affected.; tags | advisory, denial of service, vulnerability; systems | linux, gentoo; advisories | CVE-2013-0248, CVE-2014-0050, CVE-2016-3092; SHA-256 | da595f1d67dc8debc118a5489d2f92bcd08094c94d4ee86e23b7c49ce74d1621; Download | Favorite | View

HP Security Bulletin HPSBMU03409 1: Posted Aug 26, 2015; Authored by HP | Site hp.com; HP Security Bulletin HPSBMU03409 1 - Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information. Revision 1 of this advisory.; tags | advisory, vulnerability; advisories | CVE-2010-5107, CVE-2013-0248, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231, CVE-2014-1692, CVE-2014-3523, CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8142, CVE-2014-8275, CVE-2014-9427, CVE-2014-9652, CVE-2014-9653, CVE-2014-9705, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0207, CVE-2015-0208, CVE-2015-0209, CVE-2015-0231, CVE-2015-0232, CVE-2015-0273, CVE-2015-0285, CVE-2015-0286; SHA-256 | ed1893104d8e7dcdd770c7c2dd6eea29fcb783bd67155f6d99ab3d07423260e5; Download | Favorite | View

Apache Commons FileUpload 1.2.2 Insecure /tmp Usage: Posted Mar 7, 2013; Authored by Hugo Vazquez Carames, Karl Dyszynski; Apache Commons FileUpload provides file upload capability for Servlets and web applications. During the upload process, FileUpload may (depending on configuration) save the uploaded file temporarily on disk. By default this will be in the system wide tmp directory. Because the temporary files have predictable file names and are stored in a publicly writeable location they are vulnerable to a TOCTOU attack. Versions 1.0 through 1.2.2 are affected.; tags | advisory, web, file upload; advisories | CVE-2013-0248; SHA-256 | aef9320b83ebe6ba6979332985d9a5aff8a232ccdbb3dd487e7f6d3b242f6f7a; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 194 files
Ubuntu 71 files
Debian 26 files
Google Security Research 14 files
malvuln 11 files
Gentoo 10 files
nu11secur1ty 7 files
Apple 3 files
mjurczyk 3 files
Julien Ahrens 3 files

File Archives

Systems

AIX (426)
Apple (1,926)
BSD (370)
CentOS (55)
Cisco (1,917)
Debian (6,630)
Fedora (1,690)
FreeBSD (1,242)
Gentoo (4,272)
HPUX (878)
iOS (330)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (44,202)
Mac OS X (684)
Mandriva (3,105)
NetBSD (255)
OpenBSD (479)
RedHat (12,382)
Slackware (941)
Solaris (1,607)
SUSE (1,444)
Ubuntu (8,177)
UNIX (9,154)
UnixWare (185)
Windows (6,506)
Other

CVE-2013-0248

Overview

Related Files

File Archive:

December 2022

Top Authors In Last 30 Days

File Tags

File Archives

Systems