{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-10-15T00:00:00", "descriptions": [{"lang": "en", "value": "The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-08T21:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2013:1430", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1430.html"}, {"name": "RHSA-2013:1429", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1429.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"}, {"name": "apache-commons-cve20132186-file-overrwite(88133)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88133"}, {"name": "openSUSE-SU-2013:1571", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"name": "55716", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55716"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"}, {"name": "openSUSE-SU-2013:1596", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html"}, {"name": "SUSE-SU-2013:1660", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html"}, {"name": "RHSA-2013:1428", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1428.html"}, {"name": "DSA-2827", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2827"}, {"name": "RHSA-2016:0070", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2016:0070"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"}, {"name": "RHSA-2013:1442", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1442.html"}, {"name": "RHSA-2013:1448", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1448.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/research/tra-2016-23"}, {"name": "63174", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/63174"}, {"name": "USN-2029-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://ubuntu.com/usn/usn-2029-1"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2186", "datePublished": "2013-10-28T21:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2018-01-08T21:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A6B1CE36-5131-425D-90BD-FC597F27B3E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp07:*:*:*:*:*:*", "matchCriteriaId": "C9C9C8B4-693E-4777-BC31-5933147DFC54", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "3451D2AD-BB7B-4149-97C3-2DB1BCC0EF85", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC0F117C-E25C-4B0C-9459-4BB4413440CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "36684290-780F-444A-8534-907C52796F6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", "versionEndIncluding": "3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ubuntu:ubuntu:10.04:*:lts:*:*:*:*:*", "matchCriteriaId": "C0939929-26C2-4BD4-A57A-38CCE953D47B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance."}, {"lang": "es", "value": "La clase DiskFileItem en Apache Commons FileUpload, tal como se utiliza en Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2 y 6.0.0; y Red Hat JBoss Web Server 1.0.2 permite a atacantes remotos escribir en archivos arbitrarios a trav\u00e9s de un byte NULL en un nombre de archivo en una instancia serializada."}], "id": "CVE-2013-2186", "lastModified": "2018-01-09T02:29:03.130", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-10-28T21:55:05.157", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1428.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1429.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1430.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1442.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1448.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/55716"}, {"source": "secalert@redhat.com", "url": "http://ubuntu.com/usn/usn-2029-1"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2827"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/63174"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2016:0070"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88133"}, {"source": "secalert@redhat.com", "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"}, {"source": "secalert@redhat.com", "url": "https://www.tenable.com/security/research/tra-2016-23"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}