Bug 974814 (CVE-2013-2186) - CVE-2013-2186 Apache commons-fileupload: Arbitrary file upload via deserialization
Summary: CVE-2013-2186 Apache commons-fileupload: Arbitrary file upload via deserializ...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2013-2186
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 989315 989316 989318 989319 989320 989321 989322 989323 989324 1007220 1011809 1055528
Blocks: 974815
TreeView+ depends on / blocked
 
Reported: 2013-06-16 05:28 UTC by Arun Babu Neelicattu
Modified: 2021-10-20 10:39 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-20 10:39:30 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:1428 0 normal SHIPPED_LIVE Important: jakarta-commons-fileupload security update 2013-10-15 22:22:56 UTC
Red Hat Product Errata RHSA-2013:1429 0 normal SHIPPED_LIVE Important: jakarta-commons-fileupload security update 2013-10-15 22:36:58 UTC
Red Hat Product Errata RHSA-2013:1430 0 normal SHIPPED_LIVE Important: commons-fileupload security update 2013-10-15 22:36:52 UTC
Red Hat Product Errata RHSA-2013:1442 0 normal SHIPPED_LIVE Important: commons-fileupload security update 2013-10-17 21:18:48 UTC
Red Hat Product Errata RHSA-2013:1448 0 normal SHIPPED_LIVE Important: Red Hat JBoss Operations Network 3.1.2 update 2013-10-21 21:28:39 UTC
Red Hat Product Errata RHSA-2016:0070 0 normal SHIPPED_LIVE Important: Red Hat OpenShift Enterprise 3.1.1 bug fix and enhancement update 2016-01-27 00:12:41 UTC

Description Arun Babu Neelicattu 2013-06-16 05:28:50 UTC
A poison null byte flaw was found in the implementation of the DiskFileItem class. A remote attacker able to supply a serialized instance of the DiskFileItem class, which will be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is permitted by the user running the application server process.

Comment 8 errata-xmlrpc 2013-10-15 18:23:49 UTC
This issue has been addressed in following products:

  JBEWS 1.0 for RHEL 5
  JBEWS 1.0 for RHEL 6

Via RHSA-2013:1428 https://rhn.redhat.com/errata/RHSA-2013-1428.html

Comment 9 errata-xmlrpc 2013-10-15 18:39:25 UTC
This issue has been addressed in following products:

  Red Hat JBoss BRMS 5.3.1
  Red Hat JBoss Portal 4.3 CP07, 5.2.2 and 6.0.0

Via RHSA-2013:1430 https://rhn.redhat.com/errata/RHSA-2013-1430.html

Comment 10 errata-xmlrpc 2013-10-15 18:40:31 UTC
This issue has been addressed in following products:

  Red Hat JBoss Web Server 1.0.2

Via RHSA-2013:1429 https://rhn.redhat.com/errata/RHSA-2013-1429.html

Comment 11 errata-xmlrpc 2013-10-17 17:19:14 UTC
This issue has been addressed in following products:

  Red Hat JBoss SOA Platform 4.3.0.GA_CP05
  Red Hat JBoss SOA Platform 5.3.1 GA

Via RHSA-2013:1442 https://rhn.redhat.com/errata/RHSA-2013-1442.html

Comment 12 errata-xmlrpc 2013-10-21 17:28:55 UTC
This issue has been addressed in following products:

  Red Hat JBoss Operations Network 3.1.2

Via RHSA-2013:1448 https://rhn.redhat.com/errata/RHSA-2013-1448.html

Comment 13 Kurt Seifried 2015-07-30 04:58:54 UTC
Please note that Satellite 5 is not affected by this vulnerability. defaultReadObject is not used in the code anywhere, and as such Satellite is not vulnerable.

Comment 15 errata-xmlrpc 2016-01-26 19:13:51 UTC
This issue has been addressed in the following products:

  RHEL 7 Version of OpenShift Enterprise 3.1

Via RHSA-2016:0070 https://access.redhat.com/errata/RHSA-2016:0070


Note You need to log in before you can comment on or make changes to this bug.