Arbitrary File Overwrite Vulnerability in Apache Commons FileUpload

Arbitrary File Overwrite Vulnerability in Apache Commons FileUpload

CVE-2013-0248 · LOW Severity

AV:L/AC:M/AU:N/C:N/I:P/A:P

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.

Learn more about our Cis Benchmark Audit For Apache Http Server.