VYPR
High severityNVD Advisory· Published Oct 28, 2013· Updated Jun 16, 2026

CVE-2013-2186

CVE-2013-2186

Description

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
commons-fileupload:commons-fileuploadMaven
< 1.3.11.3.1

Affected products

9

Patches

Vulnerability mechanics

References

23

News mentions

0

No linked articles in our index yet.