Lucene search

K
nvd[email protected]NVD:CVE-2013-4444
HistorySep 12, 2014 - 1:55 a.m.

CVE-2013-4444

2014-09-1201:55:06
CWE-94
web.nvd.nist.gov
12

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.5

Confidence

High

EPSS

0.068

Percentile

93.9%

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.

Affected configurations

Nvd
Node
apachetomcatRange7.0.39
OR
apachetomcatMatch7.0.0
OR
apachetomcatMatch7.0.0beta
OR
apachetomcatMatch7.0.1
OR
apachetomcatMatch7.0.2
OR
apachetomcatMatch7.0.2beta
OR
apachetomcatMatch7.0.3
OR
apachetomcatMatch7.0.4
OR
apachetomcatMatch7.0.4beta
OR
apachetomcatMatch7.0.10
OR
apachetomcatMatch7.0.11
OR
apachetomcatMatch7.0.12
OR
apachetomcatMatch7.0.13
OR
apachetomcatMatch7.0.14
OR
apachetomcatMatch7.0.15
OR
apachetomcatMatch7.0.16
OR
apachetomcatMatch7.0.17
OR
apachetomcatMatch7.0.18
OR
apachetomcatMatch7.0.19
OR
apachetomcatMatch7.0.20
OR
apachetomcatMatch7.0.21
OR
apachetomcatMatch7.0.22
OR
apachetomcatMatch7.0.23
OR
apachetomcatMatch7.0.24
OR
apachetomcatMatch7.0.25
OR
apachetomcatMatch7.0.26
OR
apachetomcatMatch7.0.27
OR
apachetomcatMatch7.0.28
OR
apachetomcatMatch7.0.29
OR
apachetomcatMatch7.0.30
OR
apachetomcatMatch7.0.31
OR
apachetomcatMatch7.0.32
OR
apachetomcatMatch7.0.33
OR
apachetomcatMatch7.0.34
OR
apachetomcatMatch7.0.35
OR
apachetomcatMatch7.0.36
OR
apachetomcatMatch7.0.37
OR
apachetomcatMatch7.0.38
VendorProductVersionCPE
apachetomcat*cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
apachetomcat7.0.0cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
apachetomcat7.0.0cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*
apachetomcat7.0.1cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
apachetomcat7.0.2cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
apachetomcat7.0.2cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*
apachetomcat7.0.3cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
apachetomcat7.0.4cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
apachetomcat7.0.4cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*
apachetomcat7.0.10cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
Rows per page:
1-10 of 381

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.5

Confidence

High

EPSS

0.068

Percentile

93.9%