Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
APP:ORACLE:WEBLOGIC-FILE-UPLOAD |
|---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Oracle WebLogic Server Apache-Commons-FileUpload Library Insecure Deserialization |
Release Date |
2016/08/18 |
Update Number |
2769 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
APP: Oracle WebLogic Server Apache-Commons-FileUpload Library Insecure Deserialization
This signature detects attempts to exploit a known vulnerability against Oracle WebLogic Server. Successful exploitation can result in arbitrary file upload.
Extended Description
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
Affected Products
- Redhat jboss_enterprise_brms_platform 5.3.1
- Redhat jboss_enterprise_portal_platform 4.3.0
- Redhat jboss_enterprise_portal_platform 5.2.2
- Redhat jboss_enterprise_portal_platform 6.0.0
- Redhat jboss_enterprise_web_server 1.0.2
- Redhat openshift 3.1
- Ubuntu ubuntu 10.04
References
- CVE: CVE-2013-2186