CVE-2013-2186
The MITRE CVE dictionary describes this issue as:
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
Find out more about CVE-2013-2186 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v2 metrics
| Base Score | 7.5 |
|---|---|
| Base Metrics | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat JBoss SOA Platform 5.3 | RHSA-2013:1442 | 2013-10-17 |
| Red Hat JBoss Web Server 1.0 | RHSA-2013:1429 | 2013-10-15 |
| Red Hat JBoss SOA Platform 4.3 | RHSA-2013:1442 | 2013-10-17 |
| Red Hat JBoss Portal 5.2 | RHSA-2013:1430 | 2013-10-15 |
| JBoss Enterprise BRMS Platform 5.3 | RHSA-2013:1430 | 2013-10-15 |
| Red Hat JBoss Operations Network 3.1 | RHSA-2013:1448 | 2013-10-21 |
| Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server (jakarta-commons-fileupload) | RHSA-2013:1428 | 2013-10-15 |
| Red Hat JBoss Portal 4.3 | RHSA-2013:1430 | 2013-10-15 |
| Red Hat OpenShift Enterprise 3.1 | RHSA-2016:0070 | 2016-01-26 |
| Red Hat JBoss Portal Platform 6.0 | RHSA-2013:1430 | 2013-10-15 |
| Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server (jakarta-commons-fileupload) | RHSA-2013:1428 | 2013-10-15 |
CVE description copyright © 2017, The MITRE Corporation