PT-2013-2187 · Apache+1 · Apache Commons Fileupload+1
Published: 2013-03-15 · Updated: 2024-05-27 · CVE-2013-0248
CVSS v2.0: 3.3 (Low)
Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Apache Commons FileUpload versions 1.0 through 1.2.2
Description
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
Recommendations
For Apache Commons FileUpload versions 1.0 through 1.2.2, consider changing the default configuration of javax.servlet.context.tempdir to a directory that is not accessible by local users to prevent arbitrary file overwrites.
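One way to apply this recommendation in application code is to hand the library an explicit, owner-only repository directory instead of relying on the container default. This is an added example, not code from the advisory or from the Apache project. It assumes a POSIX file system, a parent directory that other local users cannot write to, and a caller-chosen path; the class and method names are hypothetical.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;

// Hypothetical helper: the names below are illustrative, not part of Commons FileUpload.
public final class PrivateUploadRepository {

    /** Creates (or validates) an owner-only directory for upload temp files. */
    static File prepare(Path dir) throws IOException {
        Set<PosixFilePermission> ownerOnly = PosixFilePermissions.fromString("rwx------");
        if (Files.notExists(dir, LinkOption.NOFOLLOW_LINKS)) {
            Files.createDirectories(dir, PosixFilePermissions.asFileAttribute(ownerOnly));
        }
        // Refuse a pre-planted symlink or a non-directory at the chosen path.
        if (!Files.isDirectory(dir, LinkOption.NOFOLLOW_LINKS)) {
            throw new IOException(dir + " is a symlink or not a directory");
        }
        // The directory must belong to the account running the servlet container.
        String owner = Files.getOwner(dir, LinkOption.NOFOLLOW_LINKS).getName();
        if (!owner.equals(System.getProperty("user.name"))) {
            throw new IOException(dir + " is owned by " + owner);
        }
        // Re-apply the mode: creation is subject to umask, and an existing
        // directory may have been left group- or world-accessible.
        Files.setPosixFilePermissions(dir, ownerOnly);
        return dir.toFile();
    }

    /** Builds an upload handler whose temp files never land in a shared directory. */
    static ServletFileUpload newUpload(Path dir) throws IOException {
        DiskFileItemFactory factory =
            new DiskFileItemFactory(DiskFileItemFactory.DEFAULT_SIZE_THRESHOLD, prepare(dir));
        return new ServletFileUpload(factory);
    }
}
```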
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Incorrect Default Permissions
Related Identifiers
Affected Products
Alt Linux
Apache Commons Fileupload