CVE-2013-2186 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2013-2186?

CVE-2013-2186 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-2186?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Enterprise Brms Platform, Redhat Jboss Enterprise Portal Platform, Redhat Jboss Enterprise Web Server, Redhat Openshift, Ubuntu Ubuntu.

Vulnerability Description

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Redhat	Jboss Enterprise Brms Platform	5.3.1
Redhat	Jboss Enterprise Portal Platform	4.3.0
Redhat	Jboss Enterprise Web Server	1.0.2
Redhat	Openshift	<= 3.1
Ubuntu	Ubuntu	10.04

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2013-2186?

CVE-2013-2186 is a vulnerability with a CVSS score of 7.5 (HIGH). The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write t...

How severe is CVE-2013-2186?

CVE-2013-2186 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-2186?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Enterprise Brms Platform, Redhat Jboss Enterprise Portal Platform, Redhat Jboss Enterprise Web Server, Redhat Openshift, Ubuntu Ubuntu.