Red Hat Security Advisory 2013-1265-01 - JBoss Web is a web container based on Apache Tomcat. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. A flaw was found in the way the DiskFileItem class handled NULL characters in file names. A remote attacker able to supply a serialized instance of the DiskFileItem class, which will be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is accessible to the user running the application server process.
ed88b7deaf57daa692d0f6dd5fc2d12538c3e9f89c4222ad893b47d1e15cb4ce
Red Hat Security Advisory 2013-1193-01 - JBoss Web is the web container, based on Apache Tomcat, in Red Hat JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. A flaw was found in the way the DiskFileItem class handled NULL characters in file names. A remote attacker able to supply a serialized instance of the DiskFileItem class, which will be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is accessible to the user running the application server process.
1015edbe821c6e10452f4c776f4e796ed14ade7b37b51f99ee8072afb2a2d358
Red Hat Security Advisory 2013-1194-01 - JBoss Web is the web container, based on Apache Tomcat, in Red Hat JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. A flaw was found in the way the DiskFileItem class handled NULL characters in file names. A remote attacker able to supply a serialized instance of the DiskFileItem class, which will be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is accessible to the user running the application server process.
6f6d113bd6057b90caa24b61b15e39fadb34cbae8328babe5c75452e98647549