Improper input validation in Redhat Jboss_enterprise_brms_platform
CVE-2013-2186
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.871 (99.5th percentile)
Affected products
- Redhat Jboss_enterprise_brms_platform — versions 5.3.1
- Redhat Jboss_enterprise_portal_platform — versions 4.3.0, 5.2.2, 6.0.0
- Redhat Jboss_enterprise_web_server — versions 1.0.2
- Redhat Openshift
- Ubuntu — versions 10.04
Weakness classification (CWE)
Public proof-of-concept exploits
References
- RHSA-2013:1430 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
- RHSA-2013:1429 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- apache-commons-cve20132186-file-overrwite(88133) (vdb-entry, x_refsource_XF)
- openSUSE-SU-2013:1571 (vendor-advisory, x_refsource_SUSE)
- 55716 (x_refsource_SECUNIA, third-party-advisory)
- openSUSE-SU-2013:1596 (vendor-advisory, x_refsource_SUSE)
- SUSE-SU-2013:1660 (vendor-advisory, x_refsource_SUSE)
Frequently asked questions
- What is CVE-2013-2186?
- CVE-2013-2186 is a vulnerability in Redhat Jboss_enterprise_brms_platform, classified under Improper Input Validation. Published 2013-10-28.
- Is CVE-2013-2186 known to be exploited?
- 39 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.