CVE-2013-0248
Published: 15 March 2013
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
Notes
| Author | Note |
|---|---|
| mdeslaur | version 1.3 added documentation notes that a directory should be specified when using the API. this isn't worth fixing in stable releases |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
libcommons-fileupload-java Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Ignored
|
|
| oneiric |
Ignored
(end of life)
|
|
| precise |
Ignored
|
|
| quantal |
Ignored
|
|
| raring |
Ignored
|
|
| saucy |
Not vulnerable
(1.3-2)
|
|
| upstream |
Released
(1.3)
|
|
| This vulnerability is mitigated in part by the use of symlink restrictions in Ubuntu. | ||