CVE-2016-1000031

HIGH

Description

Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution

References

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00036.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.securityfocus.com/bid/93604

http://www.zerodayinitiative.com/advisories/ZDI-16-570/

https://issues.apache.org/jira/browse/FILEUPLOAD-279

https://issues.apache.org/jira/browse/WW-4812

https://lists.apache.org/thread.html/[email protected]%3Csolr-user.lucene.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cannounce.apache.org%3E

https://security.netapp.com/advisory/ntap-20190212-0001/

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.oracle.com/security-alerts/cpujan2020.html

https://www.oracle.com/security-alerts/cpujul2020.html

https://www.oracle.com/security-alerts/cpuoct2020.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

https://www.tenable.com/security/research/tra-2016-12

https://www.tenable.com/security/research/tra-2016-23

https://www.tenable.com/security/research/tra-2016-30

Details

Source: MITRE

Published: 2016-10-25

Updated: 2020-10-20

Type: CWE-284

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

View all (14 total)

ID	Name	Product	Family	Severity
141564	IBM WebSphere Application Server 8.0.0.x < 8.0.0.15 / 8.5.x < 8.5.5.13 / 9.0.x < 9.0.0.7 RCE (CVE-2016-1000031)	Nessus	Web Servers	high
138528	Oracle Database Server Multiple Vulnerabilities (Jul 2020 CPU)	Nessus	Databases	high
136091	Oracle WebCenter Sites Multiple Vulnerabilities (July 2019 CPU)	Nessus	Windows	high
135678	Oracle Business Intelligence Publisher Multiple Vulnerabilities (Apr 2020 CPU)	Nessus	Misc.	high
126788	Oracle Application Testing Suite Multiple Vulnerabilities (Jul 2019 CPU)	Nessus	Misc.	high
125212	openSUSE Security Update : jakarta-commons-fileupload (openSUSE-2019-1399)	Nessus	SuSE Local Security Checks	high
125147	Oracle Enterprise Manager Ops Center (Apr 2019 CPU)	Nessus	Misc.	high
124237	Oracle WebCenter Portal Multiple Vulnerabilities (Apr 2019 CPU)	Nessus	Misc.	high
124170	Oracle Primavera Unifier Multiple Vulnerabilities (Apr 2019 CPU)	Nessus	CGI abuses	high
124169	Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (Apr 2019 CPU)	Nessus	CGI abuses	high
119274	FreeBSD : payara -- Multiple vulnerabilities (d70c9e18-f340-11e8-be46-0019dbb15b3f)	Nessus	FreeBSD Local Security Checks	high
118732	Apache Struts <= 2.3.36 FileUpload Deserialization Vulnerability	Nessus	Misc.	high
102280	FreeBSD : Axis2 -- Security vulnerability on dependency Apache Commons FileUpload (c1265e85-7c95-11e7-93af-005056925db4)	Nessus	FreeBSD Local Security Checks	high
101548	Apache Struts 2.5.x < 2.5.12 Multiple DoS (S2-047) (S2-049)	Nessus	Misc.	high