https://bugzilla.redhat.com/show_bug.cgi?id=1393454
Bug ID: 1393454
Summary: CVE-2016-1000031 Apache Commons FileUpload:
DiskFileItem file manipulation
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: abhgupta(a)redhat.com, aileenc(a)redhat.com,
alazarot(a)redhat.com, alee(a)redhat.com,
aszczucz(a)redhat.com, bdawidow(a)redhat.com,
chazlett(a)redhat.com, csutherl(a)redhat.com,
dmcphers(a)redhat.com, epp-bugs(a)redhat.com,
etirelli(a)redhat.com, felias(a)redhat.com,
gvarsami(a)redhat.com, hchiorea(a)redhat.com,
hfnukal(a)redhat.com, hhorak(a)redhat.com,
ivan.afonichev(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
jcoleman(a)redhat.com, jerboaa(a)gmail.com,
jialiu(a)redhat.com, jokerman(a)redhat.com,
jolee(a)redhat.com, jorton(a)redhat.com,
jpallich(a)redhat.com, jshepherd(a)redhat.com,
kconner(a)redhat.com, krzysztof.daniel(a)gmail.com,
kseifried(a)redhat.com, kverlaen(a)redhat.com,
ldimaggi(a)redhat.com, lmeyer(a)redhat.com,
lpetrovi(a)redhat.com, mbaluch(a)redhat.com,
me(a)coolsvap.net, miburman(a)redhat.com,
mizdebsk(a)redhat.com, mmccomas(a)redhat.com,
mmraka(a)redhat.com, msimacek(a)redhat.com,
mweiler(a)redhat.com, mwinkler(a)redhat.com,
nwallace(a)redhat.com, omajid(a)redhat.com,
pavelp(a)redhat.com, rrajasek(a)redhat.com,
rwagner(a)redhat.com, rzhang(a)redhat.com,
sgehwolf(a)redhat.com,
soa-p-jira(a)post-office.corp.redhat.com,
SpikeFedora(a)gmail.com, spinder(a)redhat.com,
tcunning(a)redhat.com, theute(a)redhat.com,
tiwillia(a)redhat.com, tkirby(a)redhat.com,
trick(a)vanstaveren.us, vhalbert(a)redhat.com
There exists a Java Object in the Apache Commons FileUpload library that can be
manipulated in such a way that when it is deserialized, it can write or copy
files to disk in arbitrary locations. Furthermore, while the Object can be used
alone, this new vector can be integrated with ysoserial to upload and execute
binaries in a single deserialization call. This may or may not work depending
on an application's implementation of the FileUpload library.
External References:
http://www.tenable.com/security/research/tra-2016-12
--
You are receiving this mail because:
You are on the CC list for the bug.