Vulnerability Name:

CVE-2013-2185 (CCN-87273)

Assigned:2013-09-16
Published:2013-09-16
Updated:2016-11-01
Summary:** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186.
Note: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.
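The dispute above turns on where the guard belongs. Either way, an application that never hands attacker-controlled bytes to ObjectInputStream is not exposed, so the practical control is to refuse every class you do not expect before its readObject can run, and to reject NUL bytes in any path you are about to open. The following is an added example, not code from Tomcat, JBoss Web or Red Hat; the class names UploadMeta, AllowlistObjectInputStream and checkedRepository are assumptions chosen for illustration, and java.io.File stands in for "an unexpected serializable class" since DiskFileItem itself is not on the classpath here.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.Serializable;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public class SafeDeserialization {

    /** The one type this (hypothetical) endpoint expects to receive. */
    public static final class UploadMeta implements Serializable {
        private static final long serialVersionUID = 1L;
        final String fieldName;
        final long size;
        UploadMeta(String fieldName, long size) { this.fieldName = fieldName; this.size = size; }
    }

    /**
     * Look-ahead deserialization: resolveClass() runs when the class descriptor
     * is read, i.e. before the incoming class is instantiated and before its
     * readObject() executes. Anything not on the allowlist (DiskFileItem included)
     * is rejected at that point.
     */
    public static final class AllowlistObjectInputStream extends ObjectInputStream {
        private static final Set<String> ALLOWED = new HashSet<>(Arrays.asList(
            UploadMeta.class.getName(), "java.lang.String", "java.lang.Long"));

        AllowlistObjectInputStream(InputStream in) throws IOException { super(in); }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            String name = desc.getName();
            if (!ALLOWED.contains(name)) {
                throw new InvalidClassException(name, "class not permitted for deserialization");
            }
            return super.resolveClass(desc);
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    static Object deserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new AllowlistObjectInputStream(new ByteArrayInputStream(data))) {
            return ois.readObject();
        }
    }

    /**
     * Second guard, for code that does build a File from deserialized data:
     * a NUL byte in the path is truncated by the native open(), so
     * "/srv/uploads\0/anything" would be opened as "/srv/uploads".
     */
    static File checkedRepository(String path) {
        if (path.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("repository path contains a NUL character");
        }
        return new File(path);
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: the expected type round-trips.
        Object ok = deserialize(serialize(new UploadMeta("file", 42)));
        System.out.println("accepted: " + ok.getClass().getName());

        // Constructed input: an unexpected serializable class is refused before readObject.
        try {
            deserialize(serialize(new File("/tmp/x")));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // Constructed input: a NUL-bearing path never reaches the filesystem.
        try {
            checkedRepository("/srv/uploads\0/ignored");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

On Java 9 and later the same allowlist can be expressed as an ObjectInputFilter (for example via ObjectInputStream.setObjectInputFilter or the jdk.serialFilter property) rather than a subclass; the resolveClass override is shown here because it also works on the Java 6 and 7 runtimes that the affected platforms ran on.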
CVSS v3 Severity:4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
6.0 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)
4.4 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-20
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2013-2185

Source: MLIST
Type: UNKNOWN
[oss-security] 20141024 Re: Duplicate Request: CVE-2013-4444 as a duplicate of CVE-2013-2185

Source: REDHAT
Type: Vendor Advisory
RHSA-2013:1193

Source: REDHAT
Type: Vendor Advisory
RHSA-2013:1194

Source: REDHAT
Type: Vendor Advisory
RHSA-2013:1265

Source: MLIST
Type: UNKNOWN
[oss-security] 20130905 Re: CVE-2013-2185 / Tomcat

Source: CCN
Type: BID-62156
Red Hat JBoss Enterprise Application Platform CVE-2013-2185 Arbitrary File Upload Vulnerability

Source: CCN
Type: Red Hat Bugzilla Bug 974813
CVE-2013-2185 Tomcat/JBossWeb: Arbitrary file upload via deserialization

Source: XF
Type: UNKNOWN
jboss-enterprise-cve20132185-file-upload(87273)

Source: CCN
Type: RHSA-2013:1193
jbossweb security update

Source: CCN
Type: RHSA-2013:1194
jbossweb security update

Source: CCN
Type: RHSA-2013:1265
jbossweb security update

Source: CCN
Type: IBM Security Bulletin 6495961 (Sterling B2B Integrator)
Apache Tomcat Vulnerabilities Affect IBM Sterling B2B Integrator

Source: CCN
Type: IBM Security Bulletin 6496741 (Sterling B2B Integrator)
Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator

Source: CCN
Type: IBM Security Bulletin 6595755 (Disconnected Log Collector)
IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6858013 (Tivoli Application Dependency Discovery Manager)
TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-2185

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:tomcat:*:*:*:*:*:*:*:* (Version <= 7.0.39)
  • OR cpe:/a:redhat:jboss_enterprise_application_platform:6.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:jboss_enterprise_portal_platform:6.0.0:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:redhat:jboss_enterprise_application_platform:6.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:jboss_portal:6.0.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:5.2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:6.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID: oval:com.ubuntu.precise:def:20132185000
    Class: V
    Title: CVE-2013-2185 on Ubuntu 12.04 LTS (precise) - low.
    Last Modified: 2014-01-19