CVE-2013-4444

🗓️ 12 Sep 2014 01:00:00Reported by redhatType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 107 Views

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, allows remote attackers to execute arbitrary code by uploading a JSP file

Reporter	Title	Published	Views	Family All 29
IBM Security Bulletins	Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries	26 Mar 202503:33	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities	16 Jun 202221:33	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Tomcat affect Power Hardware Management Console (CVE-2013-4444, CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0227)	23 Sep 202101:31	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator	6 Oct 202114:56	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities in Apache Tomcat affect IBM RLKS Administration and Reporting Tool	17 Jun 201805:09	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerability about Apache Tomcat JSP file upload in WebSphere Application Server Community Edition 3.0.0.4	15 Jun 201807:02	–	ibm
IBM Security Bulletins	Security Bulletin: Rational Test Control Panel component in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerablity (CVE-2013-4444)	17 Jun 201804:57	–	ibm
Tenable Nessus	Apache Tomcat 7.0.x < 7.0.40 Multiple Vulnerabilities	20 May 201300:00	–	nessus
Tenable Nessus	Debian DSA-3447-1 : tomcat7 - security update	19 Jan 201600:00	–	nessus
Tenable Nessus	Apache Tomcat 7.0.0 < 7.0.40 multiple vulnerabilities	15 May 201300:00	–	nessus

NVD

Node

apache tomcatRange≤7.0.39

apache tomcatMatch7.0.0

apache tomcatMatch7.0.0beta

apache tomcatMatch7.0.1

apache tomcatMatch7.0.2

apache tomcatMatch7.0.2beta

apache tomcatMatch7.0.3

apache tomcatMatch7.0.4

apache tomcatMatch7.0.4beta

apache tomcatMatch7.0.10

apache tomcatMatch7.0.11

apache tomcatMatch7.0.12

apache tomcatMatch7.0.13

apache tomcatMatch7.0.14

apache tomcatMatch7.0.15

apache tomcatMatch7.0.16

apache tomcatMatch7.0.17

apache tomcatMatch7.0.18

apache tomcatMatch7.0.19

apache tomcatMatch7.0.20

apache tomcatMatch7.0.21

apache tomcatMatch7.0.22

apache tomcatMatch7.0.23

apache tomcatMatch7.0.24

apache tomcatMatch7.0.25

apache tomcatMatch7.0.26

apache tomcatMatch7.0.27

apache tomcatMatch7.0.28

apache tomcatMatch7.0.29

apache tomcatMatch7.0.30

apache tomcatMatch7.0.31

apache tomcatMatch7.0.32

apache tomcatMatch7.0.33

apache tomcatMatch7.0.34

apache tomcatMatch7.0.35

apache tomcatMatch7.0.36

apache tomcatMatch7.0.37

apache tomcatMatch7.0.38

Source	Link
oracle	www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
seclists	www.seclists.org/fulldisclosure/2021/Jan/23
marc	www.marc.info/
openwall	www.openwall.com/lists/oss-security/2014/10/24/12
archives	www.archives.neohapsis.com/archives/bugtraq/2014-09/0075.html
tomcat	www.tomcat.apache.org/security-7.html
securityfocus	www.securityfocus.com/bid/69728
debian	www.debian.org/security/2016/dsa-3447
h20564	www.h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay
securitytracker	www.securitytracker.com/id/1030834

06 May 2026 22:30Current

9High risk

Vulners AI Score9

CVSS 26.8

EPSS0.09487

CWE-94