Vulnerability in Apache Commons FileUpload

CVE-2013-0248

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.

EPSS: 0.001 (21.2th percentile)

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2013-0248?
CVE-2013-0248 is a vulnerability in Apache Commons FileUpload, classified under CWE-264. It was published on 2013-03-15.

Is CVE-2013-0248 known to be exploited?
3 public proof-of-concept repositories are indexed. It is not currently listed in the CISA KEV catalog.