Lucene search
Ubuntu.comUB:CVE-2013-0248HistoryMar 15, 2013 - 12:00 a.m.
CVE-2013-0248
2013-03-1500:00:00
ubuntu.com
ubuntu.com
11
3.3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
0.0004 Low
EPSS
Percentile
5.3%
The default configuration of javax.servlet.context.tempdir in Apache
Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded
files, which allows local users to overwrite arbitrary files via an
unspecified symlink attack.
Notes
| Author | Note |
|---|---|
| mdeslaur | version 1.3 added documentation notes that a directory should be specified when using the API. this isn’t worth fixing in stable releases |
Related
ibm
ibm
securityvulns
securityvulns
prion
prion
Default configuration
2013-03-15 20:55:00
cve
cve
CVE-2013-0248
2013-03-15 20:55:00
github
github
Incorrect Default Permissions in Apache Commons FileUpload
2022-05-05 02:48:41
seebug
seebug
Apache Commons FileUpload不安全临时文件创建漏洞(CVE-2013-0248)
2013-03-10 00:00:00
osv
osv
Incorrect Default Permissions in Apache Commons FileUpload
2022-05-05 02:48:41
debiancve
debiancve
CVE-2013-0248
2013-03-15 20:55:00
nessus
nessus
GLSA-202107-39 : Apache Commons FileUpload: Multiple vulnerabilities
2022-01-24 00:00:00
gentoo
gentoo
Apache Commons FileUpload: Multiple vulnerabilities
2021-07-17 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2017
2017-10-17 00:00:00
3.3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
0.0004 Low
EPSS
Percentile
5.3%
Related for UB:CVE-2013-0248