CVE-2013-2186

Name of the Vulnerable Software and Affected Versions Apache Commons FileUpload versions (affected versions not specified) Red Hat JBoss BRMS version 5.3.1 Red Hat JBoss Portal versions 4.3 CP07, 5.2.2, and 6.0.0 Red Hat JBoss Web Server version 1.0.2

Description The issue affects the DiskFileItem class in Apache Commons FileUpload, allowing remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of these vulnerabilities can be carried out remotely.

Recommendations For Red Hat JBoss BRMS version 5.3.1, update to a version that includes the fix for the DiskFileItem class vulnerability. For Red Hat JBoss Portal versions 4.3 CP07, 5.2.2, and 6.0.0, update to a version that includes the fix for the DiskFileItem class vulnerability. For Red Hat JBoss Web Server version 1.0.2, update to a version that includes the fix for the DiskFileItem class vulnerability. As a temporary workaround, consider restricting access to the DiskFileItem class until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability in Apache Commons FileUpload.