The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
Max CVSS
7.5
EPSS Score
2.68%
Published
2013-10-28
Updated
2018-01-09
The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.17 allows remote attackers to cause a denial of service (infinite loop) and write to, move, and delete files with the permissions of DiskFileItem, and if running on a Java VM before 1.3.1, execute arbitrary code via a crafted serialized Java object.
Max CVSS
9.1
EPSS Score
2.11%
Published
2017-07-17
Updated
2019-05-06
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
Max CVSS
9.8
EPSS Score
5.87%
Published
2016-10-25
Updated
2022-07-25
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!