The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
Max CVSS
7.5
EPSS Score
2.68%
Published
2013-10-28
Updated
2018-01-09
Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.
Max CVSS
5.8
EPSS Score
0.41%
Published
2013-02-24
Updated
2013-02-26
node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO.
Max CVSS
7.5
EPSS Score
1.11%
Published
2013-02-24
Updated
2023-02-13
3 vulnerabilities found