Oval Definition:	oval:org.mitre.oval:def:20856
Revision Date: 2014-07-21 Version: 6 Title: DSA-2827-1 libcommons-fileupload-java - arbitrary file upload via deserialization Description: It was discovered that Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications, incorrectly handled file names with NULL bytes in serialized instances. A remote attacker able to supply a serialized instance of the DiskFileItem class, which will be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is accessible to the user running the application server process. Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2013-2186 DSA-2827-1 Platform(s): Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7 Debian GNU/Linux 6.0 Debian GNU/Linux 7 Product(s): libcommons-fileupload-java Definition Synopsis Release section Debian 6.0 is installed AND GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed OR Debian GNU/kFreeBSD is installed AND libcommons-fileupload-java DPKG is earlier than 0:1.2.2-1+deb6u1 Release section Debian 7 is installed AND GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed OR Debian GNU/kFreeBSD is installed AND libcommons-fileupload-java DPKG is earlier than 0:1.2.2-1+deb7u1
BACK