Vulnerability Details : CVE-2016-1000031
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
Vulnerability category: Execute code, Bypass, Gain privilege
Products affected by CVE-2016-1000031
- cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-1000031
- Probability of exploitation activity in the next 30 days: 11.72%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~95%
CVSS scores for CVE-2016-1000031
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2016-1000031
- The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1000031
- https://www.oracle.com/security-alerts/cpujan2020.html
  Oracle Critical Patch Update Advisory - January 2020
- https://www.oracle.com/security-alerts/cpuoct2020.html
  Oracle Critical Patch Update Advisory - October 2020
- https://www.tenable.com/security/research/tra-2016-23
  [R4] Apache Wicket DiskFileItem Java Deserialization Remote File Manipulation - Research Advisory | Tenable® (Third Party Advisory)
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
  CPU Oct 2018
- https://www.oracle.com/security-alerts/cpuapr2020.html
  Oracle Critical Patch Update Advisory - April 2020
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
  Page not found | Oracle
- https://www.oracle.com/security-alerts/cpujul2020.html
  Oracle Critical Patch Update Advisory - July 2020
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
  Oracle Critical Patch Update - July 2019
- https://www.tenable.com/security/research/tra-2016-30
  [R1] Novell NetIQ Sentinel Commons DiskFileItem RMI Java Deserialization Remote File Creation / Manipulation - Research Advisory | Tenable® (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00036.html
  [security-announce] openSUSE-SU-2019:1399-1: important: Security update
- http://www.zerodayinitiative.com/advisories/ZDI-16-570/
  ZDI-16-570 | Zero Day Initiative (Third Party Advisory; VDB Entry)
- https://www.oracle.com/security-alerts/cpujan2021.html
  Oracle Critical Patch Update Advisory - January 2021
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
  Oracle Critical Patch Update - April 2019
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
  Oracle Critical Patch Update - January 2019
- https://security.netapp.com/advisory/ntap-20190212-0001/
  November 2017 Apache Commons FileUpload Vulnerabilities in NetApp Products | NetApp Product Security
- https://issues.apache.org/jira/browse/FILEUPLOAD-279
  [FILEUPLOAD-279] CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution - ASF JIRA (Vendor Advisory)
- https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
  Oracle Critical Patch Update - October 2016
- http://www.securityfocus.com/bid/93604
  Novell NetIQ Sentinel CVE-2016-1000031 Remote Code Execution Vulnerability (Third Party Advisory; VDB Entry)
- https://www.oracle.com/security-alerts/cpuoct2021.html
  Oracle Critical Patch Update Advisory - October 2021
- https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
  Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report - Pony Mail
- https://lists.apache.org/thread.html/d66657323fd25e437face5e84899c8ca404ccd187e81c3f2fa8b6080@%3Cannounce.apache.org%3E
  [ANN] [SECURITY] Immediately upgrade commons-fileupload to version 1.3.3 when running Struts 2.3.36 or prior - Pony Mail
- https://issues.apache.org/jira/browse/WW-4812
  [WW-4812] Update commons-fileupload - ASF JIRA
- https://www.tenable.com/security/research/tra-2016-12
  [R3] Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution (LOBSTER) - Research Advisory | Tenable® (Third Party Advisory)
- https://www.oracle.com/security-alerts/cpujul2022.html
  Oracle Critical Patch Update Advisory - July 2022