exploitDog

CVE-2013-4444

Published: Sep 10, 2014
Source: redhat
CVSS2: 7.5
EPSS: Low

Description

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.

Report

Not Vulnerable. This issue did not affect the versions of Tomcat and JBoss Web as shipped with any Red Hat product, as this flaw was handled by Red Hat as CVE-2013-2185. This flaw is to be considered a duplicate of CVE-2013-4444.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | tomcat6 | Not affected | | |
| Red Hat Enterprise Linux 7 | tomcat | Not affected | | |
| Red Hat JBoss Data Grid 6 | jbossweb | Not affected | | |
| Red Hat JBoss Data Virtualization 6 | jbossweb | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 4 | jbossweb | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 5 | jbossweb | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 6 | jbossweb | Not affected | | |
| Red Hat JBoss Enterprise Web Server 1 | others | Not affected | | |
| Red Hat JBoss Enterprise Web Server 1 | tomcat5 | Not affected | | |
| Red Hat JBoss Enterprise Web Server 1 | tomcat6 | Not affected | | |

Additional information

Status:

Important
https://bugzilla.redhat.com/show_bug.cgi?id=1140314 tomcat: remote code execution via uploaded JSP

EPSS

Percentile: 90%
0.06209
Low

7.5 High

CVSS2

Related vulnerabilities

ubuntu
almost 11 years ago

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.

nvd
almost 11 years ago

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.

debian
almost 11 years ago

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0 ...

github
about 3 years ago

Apache Tomcat Unrestricted file upload vulnerability

fstec
almost 11 years ago

A vulnerability in Apache Tomcat software that allows a remote attacker to violate the confidentiality, integrity and availability of protected information
