CVE-2013-2186

Common Vulnerabilities and Exposures

Upstream information

CVE-2013-2186 at MITRE

Description

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.

NVD CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 846174

SUSE Security Advisories:

List of released packages

Product(s): SUSE Linux Enterprise Server 11 SP3; SUSE Linux Enterprise Server 11 SP3 for VMware
Fixed package version(s):
  • jakarta-commons-fileupload >= 1.1.1-1.35.1
  • jakarta-commons-fileupload-javadoc >= 1.1.1-1.35.1
References: Builds; SAT Patch Nr: 8446

Product(s): SUSE Linux Enterprise Server 11 SP2; SUSE Linux Enterprise Server 11 SP2 for VMware
Fixed package version(s):
  • jakarta-commons-fileupload >= 1.1.1-1.35.1
  • jakarta-commons-fileupload-javadoc >= 1.1.1-1.35.1
References: Builds; SAT Patch Nr: 8445

Product(s): SUSE Manager 1.2 for SLE 11 SP1
Fixed package version(s):
  • jakarta-commons-fileupload >= 1.1.1-1.35.1
References: Builds; SAT Patch Nr: 8444

© 2014 Novell