CVE-2013-2185

2014-01-1918:02:57

CWE-20

redhat

web.nvd.nist.gov

113

cve-2013-2185

apache tomcat

jboss web

red hat

jboss enterprise application platform

jboss portal

remote attackers

arbitrary files

null byte

serialized instance

vulnerability

disputed

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.2

Confidence

High

EPSS

0.014

Percentile

86.4%

JSON

The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue

Affected configurations

Nvd

Node

apachetomcatRange≤7.0.39

redhatjboss_enterprise_application_platformMatch6.1.0

redhatjboss_enterprise_portal_platformMatch6.0.0

VendorProductVersionCPE
apachetomcat*cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
redhatjboss_enterprise_application_platform6.1.0cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.1.0:*:*:*:*:*:*:*
redhatjboss_enterprise_portal_platform6.0.0cpe:2.3:a:redhat:jboss_enterprise_portal_platform:6.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	tomcat	*	cpe:2.3:a:apache:tomcat::::::::
redhat	jboss_enterprise_application_platform	6.1.0	cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.1.0:::::::*
redhat	jboss_enterprise_portal_platform	6.0.0	cpe:2.3:a:redhat:jboss_enterprise_portal_platform:6.0.0:::::::*