What is CVE-2013-2185?

CVE-2013-2185 is a vulnerability in Apache Tomcat, classified under Improper Input Validation. Published 2014-01-19.

Is CVE-2013-2185 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Apache Tomcat

CVE-2013-2185

The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL b…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.053 (90.2th percentile) — read the EPSS interpretation.

Affected products

Apache Tomcat
Redhat Jboss_enterprise_application_platform — versions 6.1.0
Redhat Jboss_enterprise_portal_platform — versions 6.0.0
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

[oss-security] 20130905 Re: CVE-2013-2185 / Tomcat (mailing-list, x_refsource_MLIST)
RHSA-2013:1193 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2013:1265 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
[oss-security] 20141024 Re: Duplicate Request: CVE-2013-4444 as a duplicate of CVE-2013-2185 (mailing-list, x_refsource_MLIST)
RHSA-2013:1194 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2013-2185?: CVE-2013-2185 is a vulnerability in Apache Tomcat, classified under Improper Input Validation. Published 2014-01-19.
Is CVE-2013-2185 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.