The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Commons_fileupload | Apache | 1.0 (including) | 1.0 (including) |
Commons_fileupload | Apache | 1.1 (including) | 1.1 (including) |
Commons_fileupload | Apache | 1.1.1 (including) | 1.1.1 (including) |
Commons_fileupload | Apache | 1.2 (including) | 1.2 (including) |
Commons_fileupload | Apache | 1.2.1 (including) | 1.2.1 (including) |
Commons_fileupload | Apache | 1.2.2 (including) | 1.2.2 (including) |