CVE-2013-2186

Red Hat JBoss Enterprise BRMS Platform - Improper Input Validation


Exploitation Summary

EIP tracks 5 public exploits for CVE-2013-2186. PoCs have been published by GrrrDog, dawetmaster and andikahilmy.

AI-analyzed exploit summary

This repository contains a payload generator for exploiting CVE-2013-2186, a Java deserialization vulnerability in Apache Commons FileUpload <= 1.3. It allows arbitrary file writes by manipulating serialized objects.

Description

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.

Exploits (5)

nomisec WORKING POC 38 stars
by GrrrDog · poc
https://github.com/GrrrDog/ACEDcup

This repository contains a payload generator for exploiting CVE-2013-2186, a Java deserialization vulnerability in Apache Commons FileUpload <= 1.3. It allows arbitrary file writes by manipulating serialized objects.

Classification: Working PoC (95%)
Attack Type: Deserialization
Complexity: Moderate
Reliability: Reliable
Target: Apache Commons FileUpload <= 1.3
No auth needed
Prerequisites: Java environment · Serialized payload delivery mechanism
devstral-2 · analyzed Feb 16, 2026
nomisec WRITEUP
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2013-2186-commons-fileupload-vulnerable

This repository contains the vulnerable source code of Apache Commons FileUpload (pre-patch) for CVE-2013-2186, which is a denial-of-service (DoS) vulnerability caused by inefficient handling of multipart form data. The code includes deprecated classes like `DefaultFileItem` and `DefaultFileItemFactory`, which are part of the vulnerable implementation.

Classification: Writeup (90%)
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Apache Commons FileUpload < 1.3.1
No auth needed
Prerequisites: Target application using vulnerable version of Apache Commons FileUpload · Ability to send crafted multipart form data
devstral-2 · analyzed Mar 14, 2026
nomisec WRITEUP
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2013-2186-commons-fileupload-vulnerable

This repository contains the vulnerable source code of Apache Commons FileUpload (pre-patch) for CVE-2013-2186, which is a denial-of-service (DoS) vulnerability. The code includes deprecated classes like DefaultFileItem and DefaultFileItemFactory, which are part of the vulnerable implementation.

Classification: Writeup (90%)
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Apache Commons FileUpload (versions before 1.3.1)
No auth needed
Prerequisites: Target application using vulnerable Apache Commons FileUpload library
devstral-2 · analyzed Feb 18, 2026
nomisec WORKING POC
by sa1g0n1337 · poc
https://github.com/sa1g0n1337/CVE_2013_2186

This repository contains a proof-of-concept for CVE-2013-2186, demonstrating a Java deserialization vulnerability in Apache Commons FileUpload. The code includes a servlet that handles file uploads and deserializes user data, which can be exploited for remote code execution.

Classification: Working PoC (90%)
Attack Type: Deserialization
Complexity: Moderate
Reliability: Reliable
Target: Apache Commons FileUpload (versions affected by CVE-2013-2186)
No auth needed
Prerequisites: Access to a vulnerable servlet handling file uploads · Ability to craft and upload a malicious serialized object
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC
by sa1g0n1337 · poc
https://github.com/sa1g0n1337/Payload_CVE_2013_2186

This repository contains a Java-based payload generator for CVE-2013-2186, which exploits a deserialization vulnerability in Apache Commons FileUpload. The PoC creates a malicious serialized object that can write arbitrary files to the target system when deserialized.

Classification: Working PoC (95%)
Attack Type: Deserialization
Complexity: Moderate
Reliability: Reliable
Target: Apache Commons FileUpload <= 1.3 with Java JDK < 7u40
No auth needed
Prerequisites: Java environment · Apache Commons FileUpload vulnerable version
devstral-2 · analyzed Feb 16, 2026

References (19)

Vendor Advisory [vendor-advisory, x_refsource_redhat]: http://rhn.redhat.com/errata/RHSA-2013-1430.html
Vendor Advisory [vendor-advisory, x_refsource_redhat]: http://rhn.redhat.com/errata/RHSA-2013-1429.html
Third Party Advisory, VDB Entry [vdb-entry, x_refsource_xf]: https://exchange.xforce.ibmcloud.com/vulnerabilities/88133
Mailing List [vendor-advisory, x_refsource_suse]: http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html
Third Party Advisory [third-party-advisory, x_refsource_secunia]: http://secunia.com/advisories/55716
Mailing List [vendor-advisory, x_refsource_suse]: http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html
Vendor Advisory [vendor-advisory, x_refsource_redhat]: http://rhn.redhat.com/errata/RHSA-2013-1428.html
Third Party Advisory [vendor-advisory, x_refsource_debian]: http://www.debian.org/security/2013/dsa-2827
Vendor Advisory [vendor-advisory, x_refsource_redhat]: https://access.redhat.com/errata/RHSA-2016:0070
Vendor Advisory [vendor-advisory, x_refsource_redhat]: http://rhn.redhat.com/errata/RHSA-2013-1442.html
Vendor Advisory [vendor-advisory, x_refsource_redhat]: http://rhn.redhat.com/errata/RHSA-2013-1448.html
Third Party Advisory [x_refsource_misc]: https://www.tenable.com/security/research/tra-2016-23
Third Party Advisory, VDB Entry [vdb-entry, x_refsource_bid]: http://www.securityfocus.com/bid/63174
Various Sources [vendor-advisory, x_refsource_ubuntu]: http://ubuntu.com/usn/usn-2029-1

Scores

EPSS: 0.8710
EPSS Percentile: 99.5%

Details

CWE: CWE-20
Status: published
Products (8)
commons-fileupload/commons-fileupload 0 - 1.3.1 (Maven)
redhat/jboss_enterprise_brms_platform 5.3.1
redhat/jboss_enterprise_portal_platform 4.3.0 cp07
redhat/jboss_enterprise_portal_platform 5.2.2
redhat/jboss_enterprise_portal_platform 6.0.0
redhat/jboss_enterprise_web_server 1.0.2
redhat/openshift < 3.1
ubuntu/ubuntu 10.04
Published: Oct 28, 2013
Tracked Since: Feb 18, 2026