Lucene search
Ubuntu.comUB:CVE-2013-0248HistoryMar 15, 2013 - 12:00 a.m.
CVE-2013-0248
2013-03-1500:00:00
ubuntu.com
ubuntu.com
12
3.3 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
0.0004 Low
EPSS
Percentile
5.1%
The default configuration of javax.servlet.context.tempdir in Apache
Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded
files, which allows local users to overwrite arbitrary files via an
unspecified symlink attack.
Notes
| Author | Note |
|---|---|
| mdeslaur | version 1.3 added documentation notes that a directory should be specified when using the API. this isnโt worth fixing in stable releases |
Related
securityvulns
securityvulns
ibm
ibm
osv
osv
Incorrect Default Permissions in Apache Commons FileUpload
2022-05-05 02:48:41
seebug
seebug
Apache Commons FileUploadไธๅฎๅ
จไธดๆถๆไปถๅๅปบๆผๆด(CVE-2013-0248)
2013-03-10 00:00:00
nessus
nessus
RHEL 5 : jbds (Unpatched Vulnerability)
2024-06-03 00:00:00
GLSA-202107-39 : Apache Commons FileUpload: Multiple vulnerabilities
2022-01-24 00:00:00
debiancve
debiancve
CVE-2013-0248
2013-03-15 20:55:10
cvelist
cvelist
CVE-2013-0248
2013-03-15 01:00:00
prion
prion
Default configuration
2013-03-15 20:55:00
nvd
nvd
CVE-2013-0248
2013-03-15 20:55:10
github
github
Incorrect Default Permissions in Apache Commons FileUpload
2022-05-05 02:48:41
cve
cve
CVE-2013-0248
2013-03-15 20:55:10
gentoo
gentoo
Apache Commons FileUpload: Multiple vulnerabilities
2021-07-17 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2017
2017-10-17 00:00:00
3.3 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
0.0004 Low
EPSS
Percentile
5.1%
Related for UB:CVE-2013-0248