SB2013102803 - Arbitrary file overwrite in Apache Commons FileUpload
Published: October 28, 2013 Updated: September 25, 2023
Security Bulletin ID
SB2013102803
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2013-2186)
The vulnerability allows a remote attacker to overwrite arbitrary files on the system.
The vulnerability exists due to insufficient validation of user-supplied input when processing file names with a NULL byte within the DiskFileItem class. A remote attacker can upload a specially crafted file with a NULL byte in its name and overwrite arbitrary files on the system.
Remediation
Install update from vendor's website.
References
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html
- http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html
- http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html
- http://rhn.redhat.com/errata/RHSA-2013-1428.html
- http://rhn.redhat.com/errata/RHSA-2013-1429.html
- http://rhn.redhat.com/errata/RHSA-2013-1430.html
- http://rhn.redhat.com/errata/RHSA-2013-1442.html
- http://rhn.redhat.com/errata/RHSA-2013-1448.html
- http://secunia.com/advisories/55716
- http://ubuntu.com/usn/usn-2029-1
- http://www.debian.org/security/2013/dsa-2827
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.securityfocus.com/bid/63174
- https://access.redhat.com/errata/RHSA-2016:0070
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88133
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
- https://www.tenable.com/security/research/tra-2016-23