High severity · NVD Advisory · Published Oct 28, 2013 · Updated Jun 16, 2026
CVE-2013-2186
Description
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| commons-fileupload:commons-fileupload (Maven) | < 1.3.1 | 1.3.1 |
Affected products
- cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp07:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_portal_platform:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.2:*:*:*:*:*:*:*
- ghsa-coords (2 versions): pkg:maven/commons-fileupload/commons-fileupload, pkg:rpm/opensuse/apache-commons-fileupload&distro=openSUSE%20Tumbleweed
  - (no CPE) range: < 1.3.1
  - (no CPE) range: < 1.4-1.9
References
- rhn.redhat.com/errata/RHSA-2013-1428.html (nvd; Vendor Advisory)
- rhn.redhat.com/errata/RHSA-2013-1429.html (nvd; Vendor Advisory)
- rhn.redhat.com/errata/RHSA-2013-1430.html (nvd; Vendor Advisory)
- rhn.redhat.com/errata/RHSA-2013-1448.html (nvd; Vendor Advisory; WEB)
- github.com/advisories/GHSA-qx6h-9567-5fqw (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2013-2186 (ghsa; ADVISORY)
- lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html (nvd; WEB)
- lists.opensuse.org/opensuse-updates/2013-10/msg00033.html (nvd; WEB)
- lists.opensuse.org/opensuse-updates/2013-10/msg00050.html (nvd; WEB)
- ubuntu.com/usn/usn-2029-1 (nvd; WEB)
- www.debian.org/security/2013/dsa-2827 (nvd; WEB)
- www.securityfocus.com/bid/63174 (nvd; WEB)
- access.redhat.com/errata/RHSA-2016:0070 (nvd; WEB)
- exchange.xforce.ibmcloud.com/vulnerabilities/88133 (nvd; WEB)
- github.com/apache/commons-fileupload/blob/master/RELEASE-NOTES.txt (ghsa; WEB)
- github.com/apache/commons-fileupload/commit/163a6061fbc077d4b6e4787d26857c2baba495d1 (ghsa; WEB)
- wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 (nvd; WEB)
- www.tenable.com/security/research/tra-2016-23 (nvd; WEB)
- rhn.redhat.com/errata/RHSA-2013-1442.html (nvd)
- secunia.com/advisories/55716 (nvd)
- www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html (nvd)
- www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html (nvd)
- www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html (nvd)