Vulnerability identifier: #VU12312
Vulnerability risk: High
Exploitation vector: Network
Exploit availability: No
Apache Commons FileUpload
Server applications / Frameworks for developing and running applications
Vendor: Apache Foundation
The vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the target system.
The weakness exists in DiskFileItem class of the FileUpload library due to deserialization of untrusted data. A remote attacker can execute arbitrary code under the context of the current process.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
Vulnerable software versions
Apache Commons FileUpload: 1.3.2
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.