Lucene search

K

[email protected]NVD:CVE-2013-4444

HistorySep 12, 2014 - 1:55 a.m.

CVE-2013-4444

2014-09-1201:55:06

CWE-94

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

High

0.068 Low

EPSS

Percentile

93.9%

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.

Affected configurations

NVD

Node

apachetomcatRange≤7.0.39

OR

apachetomcatMatch7.0.0

OR

apachetomcatMatch7.0.0beta

OR

apachetomcatMatch7.0.1

OR

apachetomcatMatch7.0.2

OR

apachetomcatMatch7.0.2beta

OR

apachetomcatMatch7.0.3

OR

apachetomcatMatch7.0.4

OR

apachetomcatMatch7.0.4beta

OR

apachetomcatMatch7.0.10

OR

apachetomcatMatch7.0.11

OR

apachetomcatMatch7.0.12

OR

apachetomcatMatch7.0.13

OR

apachetomcatMatch7.0.14

OR

apachetomcatMatch7.0.15

OR

apachetomcatMatch7.0.16

OR

apachetomcatMatch7.0.17

OR

apachetomcatMatch7.0.18

OR

apachetomcatMatch7.0.19

OR

apachetomcatMatch7.0.20

OR

apachetomcatMatch7.0.21

OR

apachetomcatMatch7.0.22

OR

apachetomcatMatch7.0.23

OR

apachetomcatMatch7.0.24

OR

apachetomcatMatch7.0.25

OR

apachetomcatMatch7.0.26

OR

apachetomcatMatch7.0.27

OR

apachetomcatMatch7.0.28

OR

apachetomcatMatch7.0.29

OR

apachetomcatMatch7.0.30

OR

apachetomcatMatch7.0.31

OR

apachetomcatMatch7.0.32

OR

apachetomcatMatch7.0.33

OR

apachetomcatMatch7.0.34

OR

apachetomcatMatch7.0.35

OR

apachetomcatMatch7.0.36

OR

apachetomcatMatch7.0.37

OR

apachetomcatMatch7.0.38

References

archives.neohapsis.com/archives/bugtraq/2014-09/0075.html

marc.info/?l=bugtraq&m=144498216801440&w=2

openwall.com/lists/oss-security/2014/10/24/12

seclists.org/fulldisclosure/2021/Jan/23

tomcat.apache.org/security-7.html

www.debian.org/security/2016/dsa-3447

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

www.securityfocus.com/bid/69728

www.securitytracker.com/id/1030834

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

High

0.068 Low

EPSS

Percentile

93.9%

Related for NVD:CVE-2013-4444

securityvulns2 ibm7 osv2 openvas3 cvelist1 debiancve1 cve1 prion1 github1 tomcat1 threatpost1 nessus3 ubuntucve1 debian2 oracle1