CVE-2013-0248
Published: 15 March 2013
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
Notes
Author | Note
---|---
mdeslaur | Version 1.3 added documentation notes that a directory should be specified when using the API. This isn't worth fixing in stable releases.
Priority
Status
Package | Release | Status
---|---|---
libcommons-fileupload-java (Launchpad, Ubuntu, Debian) | hardy | Ignored (end of life)
libcommons-fileupload-java | lucid | Ignored
libcommons-fileupload-java | oneiric | Ignored (end of life)
libcommons-fileupload-java | precise | Ignored
libcommons-fileupload-java | quantal | Ignored
libcommons-fileupload-java | raring | Ignored
libcommons-fileupload-java | saucy | Not vulnerable (1.3-2)
libcommons-fileupload-java | upstream | Released (1.3)

This vulnerability is mitigated in part by the use of symlink restrictions in Ubuntu.
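The mitigation that the 1.3 documentation describes is to give `DiskFileItemFactory` an explicit repository directory instead of letting it fall back to the servlet container's temp directory. The following is an added example, not code from the Ubuntu tracker or from the Commons FileUpload project; it uses the real `DiskFileItemFactory.setRepository(File)` and `ServletFileUpload` API together with Java 7 NIO, and assumes a POSIX file system (for the `rwx------` mode) and a caller-supplied `baseDir` that is itself not writable by other local users. The class name, method names and `baseDir` parameter are the example's own.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.List;

import javax.servlet.http.HttpServletRequest;

import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;

public class PrivateRepositoryUpload {

    // Weak pattern (the CVE-2013-0248 default): no repository is set, so
    // large uploads are spooled under javax.servlet.context.tempdir or
    // java.io.tmpdir, which on the affected releases resolves to the shared /tmp.
    static ServletFileUpload sharedTmpUpload() {
        return new ServletFileUpload(new DiskFileItemFactory());
    }

    // Hardened pattern: spool to a freshly created, mode-0700 directory under a
    // base directory that belongs to the application, so no other local user can
    // pre-place a symlink where the spool file will be written.
    static ServletFileUpload privateRepositoryUpload(Path baseDir) throws IOException {
        if (!Files.isDirectory(baseDir) || Files.isSymbolicLink(baseDir)) {
            throw new IOException("upload base directory must be a real directory: " + baseDir);
        }
        Path repo = Files.createTempDirectory(
                baseDir,
                "upload-",
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rwx------")));

        DiskFileItemFactory factory = new DiskFileItemFactory();
        factory.setRepository(repo.toFile());   // the explicit directory the 1.3 docs ask for
        factory.setSizeThreshold(64 * 1024);     // items above 64 KiB go to disk in `repo`
        return new ServletFileUpload(factory);
    }

    // Parse a multipart request with whichever factory was chosen above.
    static List<FileItem> parse(ServletFileUpload upload, HttpServletRequest request)
            throws FileUploadException {
        return upload.parseRequest(request);
    }
}
```

The check on `baseDir` rejects a symlinked or missing base directory before anything is created beneath it; the random suffix from `createTempDirectory` and the 0700 mode together remove the predictable, world-writable location that the symlink attack depends on. On Ubuntu the kernel's protected-symlinks setting narrows the window further, as the tracker notes, but configuring the repository is the application-level fix and works on systems without that restriction.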