6.7 Medium
AI Score
Confidence
Low
3.3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
0.0004 Low
EPSS
Percentile
5.4%
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
CPE | Name | Operator | Version |
---|---|---|---|
commons_fileupload | eq | 1.2.2 | |
commons_fileupload | eq | 1.2 | |
commons_fileupload | eq | 1.1 | |
commons_fileupload | eq | 1.1.1 | |
commons_fileupload | eq | 1.2.1 | |
commons_fileupload | eq | 1.0 |