Lucene search
GitHub Advisory DatabaseGHSA-VM69-474V-7Q2WHistoryMay 05, 2022 - 2:48 a.m.
Incorrect Default Permissions in Apache Commons FileUpload
2022-05-0502:48:41
CWE-276
GitHub Advisory Database
github.com
13
3.3 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
0.0004 Low
EPSS
Percentile
5.1%
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
Affected configurations
Node
apachecommons_fileuploadRange<1.2.2
| CPE | Name | Operator | Version |
|---|---|---|---|
| commons-fileupload:commons-fileupload | lt | 1.2.2 |
References
Related
osv
osv
Incorrect Default Permissions in Apache Commons FileUpload
2022-05-05 02:48:41
nessus
nessus
RHEL 5 : jbds (Unpatched Vulnerability)
2024-06-03 00:00:00
GLSA-202107-39 : Apache Commons FileUpload: Multiple vulnerabilities
2022-01-24 00:00:00
seebug
seebug
Apache Commons FileUploadไธๅฎๅ
จไธดๆถๆไปถๅๅปบๆผๆด(CVE-2013-0248)
2013-03-10 00:00:00
ibm
ibm
debiancve
debiancve
CVE-2013-0248
2013-03-15 20:55:10
cvelist
cvelist
CVE-2013-0248
2013-03-15 01:00:00
ubuntucve
ubuntucve
CVE-2013-0248
2013-03-15 00:00:00
securityvulns
securityvulns
prion
prion
Default configuration
2013-03-15 20:55:00
nvd
nvd
CVE-2013-0248
2013-03-15 20:55:10
cve
cve
CVE-2013-0248
2013-03-15 20:55:10
gentoo
gentoo
Apache Commons FileUpload: Multiple vulnerabilities
2021-07-17 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2017
2017-10-17 00:00:00
3.3 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
0.0004 Low
EPSS
Percentile
5.1%
Related for GHSA-VM69-474V-7Q2W