Описание
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.3-2 |
| hardy | ignored | end of life |
| lucid | ignored | |
| oneiric | ignored | end of life |
| precise | ignored | |
| quantal | ignored | |
| raring | ignored | |
| saucy | not-affected | 1.3-2 |
| upstream | released | 1.3 |
Показывать по
3.3 Low
CVSS2
Связанные уязвимости
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
The default configuration of javax.servlet.context.tempdir in Apache C ...
Incorrect Default Permissions in Apache Commons FileUpload
3.3 Low
CVSS2