Insecure File Upload in Apache Commons FileUpload by Apache
CVE-2013-0248

Currently unrated

Key Information:

Vendor
Apache
CVE Published:
15 March 2013

Summary

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload versions 1.0 to 1.2.2 uses the /tmp directory for storing uploaded files. Because this directory is shared, local users can mount symlink attacks that overwrite arbitrary files on the system. The vulnerability poses significant risks, as it may lead to unauthorized disclosure of sensitive information or manipulation of critical application files.
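A deployment-side check for the condition described above, as an added example that is not code from this page or from the Apache project: it audits a candidate upload directory and creates an owner-only one to use instead. The class and method names are hypothetical, and it assumes a POSIX filesystem and that the process user has a resolvable account name.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.Set;

public class UploadRepositoryCheck {

    /** Returns null if dir is acceptable for upload temp files, else the reason it is not. */
    static String audit(Path dir) throws IOException {
        // NOFOLLOW_LINKS: inspect the entry itself, not whatever a symlink points to.
        if (!Files.exists(dir, LinkOption.NOFOLLOW_LINKS)) return "does not exist";
        if (Files.isSymbolicLink(dir)) return "is a symbolic link";
        PosixFileAttributes attrs =
            Files.readAttributes(dir, PosixFileAttributes.class, LinkOption.NOFOLLOW_LINKS);
        if (!attrs.isDirectory()) return "is not a directory";
        Set<PosixFilePermission> perms = attrs.permissions();
        // A shared directory such as /tmp lets other local users pre-create
        // entries (including symlinks) at names the application will write to.
        if (perms.contains(PosixFilePermission.GROUP_WRITE)
                || perms.contains(PosixFilePermission.OTHERS_WRITE)) {
            return "writable by other local users";
        }
        String me = System.getProperty("user.name");
        if (!attrs.owner().getName().equals(me)) {
            return "owned by " + attrs.owner().getName() + ", not " + me;
        }
        return null;
    }

    /** Creates a fresh directory under parent that only the current user can access. */
    static Path createPrivate(Path parent) throws IOException {
        FileAttribute<Set<PosixFilePermission>> ownerOnly =
            PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rwx------"));
        // Unpredictable name, created with mode 0700 in one step; fails rather
        // than reusing an entry that already exists.
        return Files.createTempDirectory(parent, "uploads-", ownerOnly);
    }

    public static void main(String[] args) throws IOException {
        Path shared = Paths.get(System.getProperty("java.io.tmpdir"));
        String problem = audit(shared);
        System.out.println(shared + ": " + (problem == null ? "ok" : problem));

        Path priv = createPrivate(shared);
        problem = audit(priv);
        System.out.println(priv + ": " + (problem == null ? "ok" : problem));
        // priv.toFile() is the value to pass to DiskFileItemFactory.setRepository(File).
    }
}
```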

Timeline

  • Vulnerability published

  • Vulnerability Reserved
