HIGH · 7.5

CVE-2013-2185


Vulnerability Description

The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.

CVSS Score

7.5

HIGH

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Affected Products

Vendor | Product | Versions
Apache | Tomcat | <= 7.0.39
Red Hat | JBoss Enterprise Application Platform | 6.1.0
Red Hat | JBoss Enterprise Portal Platform | 6.0.0

Related Weaknesses (CWE)

References

FAQ

What is CVE-2013-2185?

CVE-2013-2185 is a vulnerability with a CVSS score of 7.5 (HIGH). The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers t...

How severe is CVE-2013-2185?

CVE-2013-2185 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-2185?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat, Red Hat JBoss Enterprise Application Platform, Red Hat JBoss Enterprise Portal Platform.