Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
BID: 69728
Info
| Field | Value |
| --- | --- |
| Bugtraq ID: | 69728 |
| Class: | Input Validation Error |
| CVE: | CVE-2013-4444 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 10 2014 12:00AM |
| Updated: | May 23 2017 04:27PM |
| Credit: | Pierre Ernst of VMware Security Engineering. |

Vulnerable:
- Oracle Communications Policy Management 12.1.1, 10.4.1, 9.9.1, 9.7.3
- IBM WebSphere Application Server Community Edition 3.0.0.4
- IBM Rational Test Workbench 8.5 2, 8.5 1, 8.5, 8.0.1 4, 8.0.1 3, 8.0.1 2, 8.0.1 1, 8.0.1, 8.0 3, 8.0 2, 8.0 1, 8.0
- IBM Rational Test Virtualization Server 8.5.0.0, 8.5 2, 8.5 1, 8.0.1 4, 8.0.1 3, 8.0.1 2, 8.0.1 1, 8.0.1, 8.0 3, 8.0 2, 8.0 1, 8.0
- IBM Power HMC 8.2.0.0, 8.1.0.0, 7.7.9.0, 7.7.8.0, 7.7.3.0
- IBM CCR Drop 13.7, Drop 13.5, 5.0, 4.9
- IBM ARA 2.5.7 2, 2.5.7 1, 2.5.6, 2.5.5 2, 2.5.5, 2.5.4, 2.5.3, 2.5.2, 2.5.1, 2.5, 2.4.2, 2.4.1, 2.4 1
- IBM Algo One 5.0, 4.9.1, 4.9, 4.8, 4.7.1, 4.7
- HP OpenVMS CSWS_JAVA 7.0.29
- Apache Tomcat 7.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.12, 7.0.13, 7.0.14, 7.0.15, 7.0.16, 7.0.18, 7.0.19, 7.0.20, 7.0.21, 7.0.22, 7.0.23, 7.0.24, 7.0.25, 7.0.26, 7.0.27, 7.0.28, 7.0.29, 7.0.30, 7.0.31, 7.0.32, 7.0.33, 7.0.34, 7.0.35, 7.0.36, 7.0.37, 7.0.38, 7.0.39

Not Vulnerable:
- Apache Tomcat 7.0.40
Discussion
Apache Tomcat is prone to a vulnerability that lets attackers upload arbitrary files.
An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the web server process.
Tomcat versions 7.0.0 through 7.0.39 are vulnerable.
Exploit / POC
Attackers can exploit this issue through a browser.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- Apache Tomcat 7.x vulnerabilities (Apache)
- Apache Tomcat Homepage (Apache)
- Revision 1470437 (Apache Software Foundation)
- Critical Patch Security Advisory - October 2016 (Oracle)
- HPSBOV03503 rev.1 - HP OpenVMS CSWS_JAVA running Tomcat, Multiple Remote Vulnera (HP)
- IBM Algo One is affected by multiple Open Source Tomcat security vulnerabilities (IBM)
- Security Bulletin: Rational Test Control Panel component in Rational Test Workbe (IBM)
- Security Bulletin: Security vulnerability about Apache Tomcat JSP file upload in (IBM)
- Security Bulletin: Vulnerabilities in Tomcat affect Power Hardware Management Co (IBM)