CVE-2013-0248

Apache Commons FileUpload 1.0-1.2.2 - Arbitrary File Overwrite via Symlink Attack

Title source: llm
STIX 2.1

Description

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/58326
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=144050155601375&w=2
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-03/0035.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/90906
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202107-39

Scores

EPSS 0.0068
EPSS Percentile 48.3%

Details

CWE
CWE-264
Status published
Products (7)
apache/commons_fileupload 1.0
apache/commons_fileupload 1.1
apache/commons_fileupload 1.1.1
apache/commons_fileupload 1.2
apache/commons_fileupload 1.2.1
apache/commons_fileupload 1.2.2
commons-fileupload/commons-fileupload 1.0 - 1.2.2Maven
Published Mar 15, 2013
Tracked Since Feb 18, 2026