{"api_version":"1","generated_at":"2026-04-17T09:14:28+00:00","cve":"CVE-2013-2186","urls":{"html":"https://cve.report/CVE-2013-2186","api":"https://cve.report/api/cve/CVE-2013-2186.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2013-2186","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2013-2186"},"summary":{"title":"CVE-2013-2186","description":"The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2013-10-28 21:55:00","updated_at":"2018-01-09 02:29:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"http://ubuntu.com/usn/usn-2029-1","name":"USN-2029-1","refsource":"UBUNTU","tags":[],"title":"USN-2029-1: Apache Commons FileUpload vulnerability | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html","name":"openSUSE-SU-2013:1596","refsource":"SUSE","tags":[],"title":"openSUSE-SU-2013:1596-1: moderate: update for jakarta-commons-fileupload","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-1442.html","name":"RHSA-2013:1442","refsource":"REDHAT","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"500"},{"url":"http://secunia.com/advisories/55716","name":"55716","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA55716 - Ubuntu update for libcommons-fileupload-java - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2016:0070","name":"RHSA-2016:0070","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html","name":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html","refsource":"CONFIRM","tags":[],"title":"Oracle Critical Patch Update - July 2015","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01","name":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01","refsource":"CONFIRM","tags":[],"title":"Jenkins Security Advisory 2014-10-01 - Security Advisories - Jenkins Wiki","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html","name":"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html","refsource":"CONFIRM","tags":[],"title":"Oracle Critical Patch Update - January 2015","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-1429.html","name":"RHSA-2013:1429","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"-1","archivestatus":"500"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html","name":"SUSE-SU-2013:1660","refsource":"SUSE","tags":[],"title":"[security-announce] SUSE-SU-2013:1660-1: important: Security update for","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/63174","name":"63174","refsource":"BID","tags":[],"title":"Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-1428.html","name":"RHSA-2013:1428","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html","name":"openSUSE-SU-2013:1571","refsource":"SUSE","tags":[],"title":"openSUSE-SU-2013:1571-1: moderate: update for jakarta-commons-fileupload","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-1448.html","name":"RHSA-2013:1448","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"-1","archivestatus":"500"},{"url":"https://www.tenable.com/security/research/tra-2016-23","name":"https://www.tenable.com/security/research/tra-2016-23","refsource":"MISC","tags":[],"title":"[R4] Apache Wicket DiskFileItem Java Deserialization Remote File Manipulation - Research Advisory | TenableĀ®","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2013/dsa-2827","name":"DSA-2827","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-2827-1 libcommons-fileupload-java","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/88133","name":"apache-commons-cve20132186-file-overrwite(88133)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-1430.html","name":"RHSA-2013:1430","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"-1","archivestatus":"500"},{"url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html","name":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html","refsource":"CONFIRM","tags":[],"title":"Oracle Critical Patch Update - January 2016","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2013-2186","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2186","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2013","cve_id":"2186","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_brms_platform","cpe6":"5.3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2186","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_brms_platform","cpe6":"5.3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2186","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_portal_platform","cpe6":"4.3.0","cpe7":"cp07","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2186","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_portal_platform","cpe6":"5.2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2186","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_portal_platform","cpe6":"6.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2186","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_portal_platform","cpe6":"4.3.0","cpe7":"cp07","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2186","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_portal_platform","cpe6":"5.2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2186","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_portal_platform","cpe6":"6.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2186","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_web_server","cpe6":"1.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2186","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_web_server","cpe6":"1.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2186","vulnerable":"1","versionEndIncluding":"3.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"openshift","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2186","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ubuntu","cpe5":"ubuntu","cpe6":"10.04","cpe7":"*","cpe8":"lts","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2186","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ubuntu","cpe5":"ubuntu","cpe6":"10.04","cpe7":"*","cpe8":"lts","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2013-2186","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_affected":"=","version_value":"n/a"}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.tenable.com/security/research/tra-2016-23","refsource":"MISC","name":"https://www.tenable.com/security/research/tra-2016-23"},{"url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html","refsource":"MISC","name":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-1448.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-1448.html"},{"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01","refsource":"MISC","name":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"},{"url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html","refsource":"MISC","name":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html","refsource":"MISC","name":"http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html"},{"url":"http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html","refsource":"MISC","name":"http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html"},{"url":"http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html","refsource":"MISC","name":"http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-1428.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-1428.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-1429.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-1429.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-1430.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-1430.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-1442.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-1442.html"},{"url":"http://secunia.com/advisories/55716","refsource":"MISC","name":"http://secunia.com/advisories/55716"},{"url":"http://ubuntu.com/usn/usn-2029-1","refsource":"MISC","name":"http://ubuntu.com/usn/usn-2029-1"},{"url":"http://www.debian.org/security/2013/dsa-2827","refsource":"MISC","name":"http://www.debian.org/security/2013/dsa-2827"},{"url":"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html","refsource":"MISC","name":"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"},{"url":"http://www.securityfocus.com/bid/63174","refsource":"MISC","name":"http://www.securityfocus.com/bid/63174"},{"url":"https://access.redhat.com/errata/RHSA-2016:0070","refsource":"MISC","name":"https://access.redhat.com/errata/RHSA-2016:0070"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/88133","refsource":"MISC","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/88133"}]}},"nvd":{"publishedDate":"2013-10-28 21:55:00","lastModifiedDate":"2018-01-09 02:29:00","problem_types":["CWE-20"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","versionEndIncluding":"3.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.3.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp07:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_portal_platform:6.0.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ubuntu:ubuntu:10.04:*:lts:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2013","CveId":"2186","Ordinal":"61813","Title":"CVE-2013-2186","CVE":"CVE-2013-2186","Year":"2013"},"notes":[{"CveYear":"2013","CveId":"2186","Ordinal":"1","NoteData":"The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.","Type":"Description","Title":null},{"CveYear":"2013","CveId":"2186","Ordinal":"2","NoteData":"2013-10-28","Type":"Other","Title":"Published"},{"CveYear":"2013","CveId":"2186","Ordinal":"3","NoteData":"2018-01-08","Type":"Other","Title":"Modified"}]}}}