CVE-2013-2186 - Vulnerability Details

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Jboss Enterprise Brms Platform Jboss Enterprise Portal Platform Jboss Enterprise Soa Platform Jboss Enterprise Web Server Jboss Operations Network Openshift
Ubuntu	Ubuntu

Configuration 1 [-]

OR	cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.3.1:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp07::::::
	cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.2:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_portal_platform:6.0.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.2:::::::*
	cpe:2.3:a:redhat:openshift:::::enterprise:::*

Configuration 2 [-]

cpe:2.3:o:ubuntu:ubuntu:10.04:*:lts:*:*:*:*:*

Package	CPE	Advisory	Released Date
JBoss Enterprise BRMS Platform 5.3
	cpe:/a:redhat:jboss_enterprise_brms_platform:5.3.1	RHSA-2013:1430	2013-10-15T00:00:00Z
Red Hat JBoss Enterprise Web Server 1 for RHEL 5
jakarta-commons-fileupload-1:1.1.1-7.7.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2013:1428	2013-10-15T00:00:00Z
Red Hat JBoss Enterprise Web Server 1 for RHEL 6
jakarta-commons-fileupload-1:1.1.1-7.7.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2013:1428	2013-10-15T00:00:00Z
Red Hat JBoss Operations Network 3.1
	cpe:/a:redhat:jboss_operations_network:3.1.2	RHSA-2013:1448	2013-10-21T00:00:00Z
Red Hat JBoss Portal 4.3
	cpe:/a:redhat:jboss_enterprise_portal_platform:4.3.0:update7	RHSA-2013:1430	2013-10-15T00:00:00Z
Red Hat JBoss Portal 5.2
	cpe:/a:redhat:jboss_enterprise_portal_platform:5.2.2	RHSA-2013:1430	2013-10-15T00:00:00Z
Red Hat JBoss Portal Platform 6.0
	cpe:/a:redhat:jboss_enterprise_portal_platform:6.0.0	RHSA-2013:1430	2013-10-15T00:00:00Z
Red Hat JBoss SOA Platform 4.3
	cpe:/a:redhat:jboss_enterprise_soa_platform:4.3.0:update5	RHSA-2013:1442	2013-10-17T00:00:00Z
Red Hat JBoss SOA Platform 5.3
	cpe:/a:redhat:jboss_enterprise_soa_platform:5.3.1	RHSA-2013:1442	2013-10-17T00:00:00Z
Red Hat JBoss Web Server 1.0
	cpe:/a:redhat:jboss_enterprise_web_server:1.0.2	RHSA-2013:1429	2013-10-15T00:00:00Z
Red Hat OpenShift Enterprise 3.1
atomic-openshift-0:3.1.1.6-1.git.0.b57e8bd.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
heapster-0:0.18.2-3.gitaf4752e.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
jenkins-0:1.625.3-2.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-align-text-0:0.1.3-2.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-ansi-green-0:0.1.1-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-ansi-wrap-0:0.1.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-anymatch-0:1.3.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-array-unique-0:0.2.1-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-arr-diff-0:2.0.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-arr-flatten-0:1.0.1-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-arrify-0:1.0.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-async-each-0:1.0.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-binary-extensions-0:1.3.1-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-braces-0:1.8.2-2.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-capture-stack-trace-0:1.0.0-2.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-chokidar-0:1.4.1-2.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-configstore-0:1.4.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-create-error-class-0:2.0.1-2.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-deep-extend-0:0.3.2-2.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-duplexer-0:0.1.1-2.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-duplexify-0:3.4.2-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-end-of-stream-0:1.1.0-2.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-error-ex-0:1.2.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-es6-promise-0:3.0.2-2.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-event-stream-0:3.3.2-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-expand-brackets-0:0.1.4-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-expand-range-0:1.8.1-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-extglob-0:0.3.1-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-filename-regex-0:2.0.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-fill-range-0:2.2.3-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-for-in-0:0.1.4-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-for-own-0:0.1.3-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-from-0:0.1.3-2.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-glob-base-0:0.3.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-glob-parent-0:2.0.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-got-0:5.2.1-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-graceful-fs-0:4.1.2-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-ini-0:1.1.0-6.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-is-binary-path-0:1.0.1-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-is-dotfile-0:1.0.2-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-is-equal-shallow-0:0.1.3-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-is-extendable-0:0.1.1-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-is-extglob-0:1.0.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-is-glob-0:2.0.1-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-is-npm-0:1.0.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-is-number-0:2.1.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-isobject-0:2.0.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-is-plain-obj-0:1.0.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-is-primitive-0:2.0.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-is-redirect-0:1.0.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-is-stream-0:1.0.1-2.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-kind-of-0:3.0.2-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-latest-version-0:2.0.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-lazy-cache-0:1.0.2-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-lodash.assign-0:3.2.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-lodash.baseassign-0:3.2.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-lodash.basecopy-0:3.0.1-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-lodash.bindcallback-0:3.0.1-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-lodash.createassigner-0:3.1.1-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-lodash.defaults-0:3.1.2-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-lodash.getnative-0:3.9.1-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-lodash.isarguments-0:3.0.4-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-lodash.isarray-0:3.0.4-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-lodash.isiterateecall-0:3.0.9-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-lodash.keys-0:3.1.2-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-lodash.restparam-0:3.6.1-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-lowercase-keys-0:1.0.0-2.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-map-stream-0:0.1.0-2.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-micromatch-0:2.3.5-2.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-mkdirp-0:0.5.0-2.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-nodemon-0:1.8.1-2.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-node-status-codes-0:1.0.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-normalize-path-0:2.0.1-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-object-assign-0:4.0.1-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-object.omit-0:2.0.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-optimist-0:0.4.0-5.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-osenv-0:0.1.0-2.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-os-homedir-0:1.0.1-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-os-tmpdir-0:1.0.1-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-package-json-0:2.3.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-parse-glob-0:3.0.4-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-parse-json-0:2.2.0-2.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-pause-stream-0:0.0.11-2.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-pinkie-0:2.0.1-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-pinkie-promise-0:2.0.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-prepend-http-0:1.0.1-2.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-preserve-0:0.2.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-ps-tree-0:1.0.1-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-randomatic-0:1.1.5-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-rc-0:1.1.2-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-read-all-stream-0:3.0.1-3.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-readdirp-0:2.0.0-2.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-regex-cache-0:0.4.2-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-registry-url-0:3.0.3-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-repeat-element-0:1.1.2-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-semver-0:5.1.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-semver-diff-0:2.1.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-slide-0:1.1.5-3.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-split-0:0.3.3-2.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-stream-combiner-0:0.2.1-2.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-string-length-0:1.0.1-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-strip-json-comments-0:1.0.2-2.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-success-symbol-0:0.1.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-through-0:2.3.4-4.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-timed-out-0:2.0.0-3.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-touch-0:1.0.0-2.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-undefsafe-0:0.0.3-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-unzip-response-0:1.0.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-update-notifier-0:0.6.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-url-parse-lax-0:1.0.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-uuid-0:2.0.1-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-write-file-atomic-0:1.1.2-2.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nodejs-xdg-basedir-0:2.0.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
nss_wrapper-0:1.0.3-1.el7	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
openshift-ansible-0:3.0.35-1.git.0.6a386dd.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
openvswitch-0:2.4.0-1.el7	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z
origin-kibana-0:0.5.0-1.el7aos	cpe:/a:redhat:openshift:3.1::el7	RHSA-2016:0070	2016-01-26T00:00:00Z

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html
http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html
http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html
http://rhn.redhat.com/errata/RHSA-2013-1428.html
http://rhn.redhat.com/errata/RHSA-2013-1429.html
http://rhn.redhat.com/errata/RHSA-2013-1430.html
http://rhn.redhat.com/errata/RHSA-2013-1442.html
http://rhn.redhat.com/errata/RHSA-2013-1448.html
http://secunia.com/advisories/55716
http://ubuntu.com/usn/usn-2029-1
http://www.debian.org/security/2013/dsa-2827
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.securityfocus.com/bid/63174
https://access.redhat.com/errata/RHSA-2016:0070
https://exchange.xforce.ibmcloud.com/vulnerabilities/88133
https://nvd.nist.gov/vuln/detail/CVE-2013-2186
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
https://www.cve.org/CVERecord?id=CVE-2013-2186
https://www.tenable.com/security/research/tra-2016-23

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-10-28T21:00:00

Updated: 2024-08-06T15:27:40.996Z

Reserved: 2013-02-19T00:00:00

Link: CVE-2013-2186

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-10-28T21:55:05.157

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-2186

Redhat

Severity : Important

Publid Date: 2013-10-15T00:00:00Z

Links: CVE-2013-2186 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-10-15T00:00:00", "descriptions": [{"lang": "en", "value": "The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-08T21:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2013:1430", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1430.html"}, {"name": "RHSA-2013:1429", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1429.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"}, {"name": "apache-commons-cve20132186-file-overrwite(88133)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88133"}, {"name": "openSUSE-SU-2013:1571", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"name": "55716", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55716"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"}, {"name": "openSUSE-SU-2013:1596", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html"}, {"name": "SUSE-SU-2013:1660", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html"}, {"name": "RHSA-2013:1428", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1428.html"}, {"name": "DSA-2827", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2827"}, {"name": "RHSA-2016:0070", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2016:0070"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"}, {"name": "RHSA-2013:1442", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1442.html"}, {"name": "RHSA-2013:1448", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1448.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/research/tra-2016-23"}, {"name": "63174", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/63174"}, {"name": "USN-2029-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://ubuntu.com/usn/usn-2029-1"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:27:40.996Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2013:1430", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1430.html"}, {"name": "RHSA-2013:1429", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1429.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"}, {"name": "apache-commons-cve20132186-file-overrwite(88133)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88133"}, {"name": "openSUSE-SU-2013:1571", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"name": "55716", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55716"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"}, {"name": "openSUSE-SU-2013:1596", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html"}, {"name": "SUSE-SU-2013:1660", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html"}, {"name": "RHSA-2013:1428", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1428.html"}, {"name": "DSA-2827", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2827"}, {"name": "RHSA-2016:0070", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2016:0070"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"}, {"name": "RHSA-2013:1442", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1442.html"}, {"name": "RHSA-2013:1448", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1448.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tenable.com/security/research/tra-2016-23"}, {"name": "63174", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/63174"}, {"name": "USN-2029-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://ubuntu.com/usn/usn-2029-1"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2186", "datePublished": "2013-10-28T21:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:27:40.996Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A6B1CE36-5131-425D-90BD-FC597F27B3E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp07:*:*:*:*:*:*", "matchCriteriaId": "C9C9C8B4-693E-4777-BC31-5933147DFC54", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "3451D2AD-BB7B-4149-97C3-2DB1BCC0EF85", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC0F117C-E25C-4B0C-9459-4BB4413440CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "36684290-780F-444A-8534-907C52796F6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", "versionEndIncluding": "3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ubuntu:ubuntu:10.04:*:lts:*:*:*:*:*", "matchCriteriaId": "C0939929-26C2-4BD4-A57A-38CCE953D47B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance."}, {"lang": "es", "value": "La clase DiskFileItem en Apache Commons FileUpload, tal como se utiliza en Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2 y 6.0.0; y Red Hat JBoss Web Server 1.0.2 permite a atacantes remotos escribir en archivos arbitrarios a trav\u00e9s de un byte NULL en un nombre de archivo en una instancia serializada."}], "id": "CVE-2013-2186", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-10-28T21:55:05.157", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1428.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1429.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1430.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1442.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1448.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/55716"}, {"source": "secalert@redhat.com", "url": "http://ubuntu.com/usn/usn-2029-1"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2827"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/63174"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2016:0070"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88133"}, {"source": "secalert@redhat.com", "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"}, {"source": "secalert@redhat.com", "url": "https://www.tenable.com/security/research/tra-2016-23"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1428.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1429.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1430.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-1442.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1448.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55716"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ubuntu.com/usn/usn-2029-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2827"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/63174"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2016:0070"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88133"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.tenable.com/security/research/tra-2016-23"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:1430", "cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:5.3.1", "product_name": "JBoss Enterprise BRMS Platform 5.3", "release_date": "2013-10-15T00:00:00Z"}, {"advisory": "RHSA-2013:1428", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el5", "package": "jakarta-commons-fileupload-1:1.1.1-7.7.ep5.el5", "product_name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 5", "release_date": "2013-10-15T00:00:00Z"}, {"advisory": "RHSA-2013:1428", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el6", "package": "jakarta-commons-fileupload-1:1.1.1-7.7.ep5.el6", "product_name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 6", "release_date": "2013-10-15T00:00:00Z"}, {"advisory": "RHSA-2013:1448", "cpe": "cpe:/a:redhat:jboss_operations_network:3.1.2", "product_name": "Red Hat JBoss Operations Network 3.1", "release_date": "2013-10-21T00:00:00Z"}, {"advisory": "RHSA-2013:1430", "cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:4.3.0:update7", "product_name": "Red Hat JBoss Portal 4.3", "release_date": "2013-10-15T00:00:00Z"}, {"advisory": "RHSA-2013:1430", "cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:5.2.2", "product_name": "Red Hat JBoss Portal 5.2", "release_date": "2013-10-15T00:00:00Z"}, {"advisory": "RHSA-2013:1430", "cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:6.0.0", "product_name": "Red Hat JBoss Portal Platform 6.0", "release_date": "2013-10-15T00:00:00Z"}, {"advisory": "RHSA-2013:1442", "cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:4.3.0:update5", "product_name": "Red Hat JBoss SOA Platform 4.3", "release_date": "2013-10-17T00:00:00Z"}, {"advisory": "RHSA-2013:1442", "cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:5.3.1", "product_name": "Red Hat JBoss SOA Platform 5.3", "release_date": "2013-10-17T00:00:00Z"}, {"advisory": "RHSA-2013:1429", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1.0.2", "product_name": "Red Hat JBoss Web Server 1.0", "release_date": "2013-10-15T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "atomic-openshift-0:3.1.1.6-1.git.0.b57e8bd.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "heapster-0:0.18.2-3.gitaf4752e.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "jenkins-0:1.625.3-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-align-text-0:0.1.3-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-ansi-green-0:0.1.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-ansi-wrap-0:0.1.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-anymatch-0:1.3.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-array-unique-0:0.2.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-arr-diff-0:2.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-arr-flatten-0:1.0.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-arrify-0:1.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-async-each-0:1.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-binary-extensions-0:1.3.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-braces-0:1.8.2-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-capture-stack-trace-0:1.0.0-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-chokidar-0:1.4.1-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-configstore-0:1.4.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-create-error-class-0:2.0.1-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-deep-extend-0:0.3.2-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-duplexer-0:0.1.1-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-duplexify-0:3.4.2-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-end-of-stream-0:1.1.0-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-error-ex-0:1.2.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-es6-promise-0:3.0.2-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-event-stream-0:3.3.2-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-expand-brackets-0:0.1.4-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-expand-range-0:1.8.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-extglob-0:0.3.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-filename-regex-0:2.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-fill-range-0:2.2.3-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-for-in-0:0.1.4-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-for-own-0:0.1.3-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-from-0:0.1.3-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-glob-base-0:0.3.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-glob-parent-0:2.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-got-0:5.2.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-graceful-fs-0:4.1.2-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-ini-0:1.1.0-6.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-is-binary-path-0:1.0.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-is-dotfile-0:1.0.2-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-is-equal-shallow-0:0.1.3-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-is-extendable-0:0.1.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-is-extglob-0:1.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-is-glob-0:2.0.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-is-npm-0:1.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-is-number-0:2.1.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-isobject-0:2.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-is-plain-obj-0:1.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-is-primitive-0:2.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-is-redirect-0:1.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-is-stream-0:1.0.1-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-kind-of-0:3.0.2-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-latest-version-0:2.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lazy-cache-0:1.0.2-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lodash.assign-0:3.2.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lodash.baseassign-0:3.2.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lodash.basecopy-0:3.0.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lodash.bindcallback-0:3.0.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lodash.createassigner-0:3.1.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lodash.defaults-0:3.1.2-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lodash.getnative-0:3.9.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lodash.isarguments-0:3.0.4-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lodash.isarray-0:3.0.4-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lodash.isiterateecall-0:3.0.9-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lodash.keys-0:3.1.2-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lodash.restparam-0:3.6.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lowercase-keys-0:1.0.0-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-map-stream-0:0.1.0-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-micromatch-0:2.3.5-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-mkdirp-0:0.5.0-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-nodemon-0:1.8.1-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-node-status-codes-0:1.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-normalize-path-0:2.0.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-object-assign-0:4.0.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-object.omit-0:2.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-optimist-0:0.4.0-5.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-osenv-0:0.1.0-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-os-homedir-0:1.0.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-os-tmpdir-0:1.0.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-package-json-0:2.3.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-parse-glob-0:3.0.4-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-parse-json-0:2.2.0-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-pause-stream-0:0.0.11-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-pinkie-0:2.0.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-pinkie-promise-0:2.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-prepend-http-0:1.0.1-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-preserve-0:0.2.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-ps-tree-0:1.0.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-randomatic-0:1.1.5-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-rc-0:1.1.2-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-read-all-stream-0:3.0.1-3.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-readdirp-0:2.0.0-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-regex-cache-0:0.4.2-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-registry-url-0:3.0.3-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-repeat-element-0:1.1.2-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-semver-0:5.1.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-semver-diff-0:2.1.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-slide-0:1.1.5-3.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-split-0:0.3.3-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-stream-combiner-0:0.2.1-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-string-length-0:1.0.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-strip-json-comments-0:1.0.2-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-success-symbol-0:0.1.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-through-0:2.3.4-4.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-timed-out-0:2.0.0-3.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-touch-0:1.0.0-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-undefsafe-0:0.0.3-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-unzip-response-0:1.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-update-notifier-0:0.6.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-url-parse-lax-0:1.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-uuid-0:2.0.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-write-file-atomic-0:1.1.2-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-xdg-basedir-0:2.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nss_wrapper-0:1.0.3-1.el7", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "openshift-ansible-0:3.0.35-1.git.0.6a386dd.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "openvswitch-0:2.4.0-1.el7", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "origin-kibana-0:0.5.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}], "bugzilla": {"description": "commons-fileupload: Arbitrary file upload via deserialization", "id": "974814", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=974814"}, "csaw": false, "cvss": {"cvss_base_score": "7.5", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-626", "details": ["The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance."], "name": "CVE-2013-2186", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:5", "fix_state": "Affected", "package_name": "commons-fileupload", "product_name": "Red Hat JBoss BRMS 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Affected", "package_name": "commons-fileupload", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Will not fix", "package_name": "dsp-5.3", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Will not fix", "package_name": "eap-4.x", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Not affected", "package_name": "eap-5", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Not affected", "package_name": "eds-5", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Not affected", "package_name": "ewp-5", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Affected", "package_name": "fuse-6", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Will not fix", "package_name": "jbds", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3.1", "fix_state": "Affected", "package_name": "commons-fileupload", "product_name": "Red Hat JBoss Operations Network 3.1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:4", "fix_state": "Affected", "package_name": "commons-fileupload", "product_name": "Red Hat JBoss Portal 4"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:5", "fix_state": "Affected", "package_name": "commons-fileupload", "product_name": "Red Hat JBoss Portal 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:6", "fix_state": "Affected", "package_name": "commons-fileupload", "product_name": "Red Hat JBoss Portal 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:4.3", "fix_state": "Affected", "package_name": "commons-fileupload", "product_name": "Red Hat JBoss SOA Platform 4.3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:5", "fix_state": "Affected", "package_name": "commons-fileupload", "product_name": "Red Hat JBoss SOA Platform 5"}], "public_date": "2013-10-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-2186\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-2186"], "threat_severity": "Important"}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object