SUSE CVE-2013-2186

🗓️ 15 Feb 2023 05:38:58Reported by Suse CVEType

susecve

susecve🔗 www.suse.com👁 1 Views

DiskFileItem in Apache Commons FileUpload allows remote file write via NULL byte in serialized filename.

Reporter	Title	Published	Views	Family All 85
IBM Security Bulletins	Security Bulletin: Multiple CVEs affect IBM Integration Designer	1 Feb 202319:40	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Apache Commons FileUpload vulnerabilities affects IBM Tivoli Business Service Manager (CVE-2014-0034, CVE-2014-0050, CVE-2013-2186, CVE-2016-3092)	7 Nov 202105:55	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Verify Governance - Identity Manager has multiple vulnerabilities	22 Apr 202406:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect for Healthcare is affected by multiple Apache vulnerabilities	14 Jun 202313:29	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in Apache Commons Fileupload affects IBM Tivoli Business Service Manager (CVE-2013-2186, CVE-2013-0248, CVE-2016-3092, CVE-2014-0050, 220723)	26 Sep 202205:34	–	ibm
IBM Security Bulletins	Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities	18 Feb 201914:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Apache Commons FileUpload affect IBM Application Performance Management products	25 Sep 202309:03	–	ibm
FreeBSD	jenkins -- remote execution, privilege escalation, XSS, password exposure, ACL hole, DoS	1 Oct 201400:00	–	freebsd
ArchLinux	jenkins: multiple issues	2 Oct 201400:00	–	archlinux
BDU FSTEC	Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information	28 Apr 201500:00	–	bdu_fstec

OS	OS Version	Architecture	Package	Package Version	Filename
OpenSUSE Tumbleweed	–	any	apache-commons-fileupload	1.4-1.9	apache-commons-fileupload-1.4-1.9.noarch.rpm
OpenSUSE Tumbleweed	–	any	apache-commons-fileupload-javadoc	1.4-1.9	apache-commons-fileupload-javadoc-1.4-1.9.noarch.rpm
SUSE Linux Enterprise Server	11.1	any	jakarta-commons-fileupload	1.1.1-1.35.1	jakarta-commons-fileupload-1.1.1-1.35.1.noarch.rpm
SUSE Linux Enterprise Server	11.2	any	jakarta-commons-fileupload	1.1.1-1.35.1	jakarta-commons-fileupload-1.1.1-1.35.1.noarch.rpm
SUSE Linux Enterprise Server	11.3	any	jakarta-commons-fileupload	1.1.1-1.35.1	jakarta-commons-fileupload-1.1.1-1.35.1.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	11.2	any	jakarta-commons-fileupload	1.1.1-1.35.1	jakarta-commons-fileupload-1.1.1-1.35.1.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	11.3	any	jakarta-commons-fileupload	1.1.1-1.35.1	jakarta-commons-fileupload-1.1.1-1.35.1.noarch.rpm
SUSE Linux Enterprise Server	11.4	any	jakarta-commons-fileupload	1.1.1-1.37.1	jakarta-commons-fileupload-1.1.1-1.37.1.noarch.rpm
SUSE Linux Enterprise Server	12	any	jakarta-commons-fileupload	1.1.1-120.238	jakarta-commons-fileupload-1.1.1-120.238.noarch.rpm
SUSE Linux Enterprise Server	12.1	any	jakarta-commons-fileupload	1.1.1-120.238	jakarta-commons-fileupload-1.1.1-120.238.noarch.rpm

Source	Link
suse	www.suse.com/security/cve/CVE-2013-2186
suse	www.suse.com/support/security/rating/
bugzilla	www.bugzilla.suse.com/846174
lists	www.lists.suse.com/pipermail/sle-security-updates/2013-November/000631.html

10 May 2026 01:19Current

7.2High risk

Vulners AI Score7.2

CVSS 27.5

EPSS0.87099

DiskFileItem Apache Commons FileUpload Null byte Serialized filename Remote file write