Re: apache-commons-fileupload symlink vulnerability CVE-2013-0248

2015-08-01 Thread Andreas Veithen
For this vulnerability to be exploitable, the following conditions must be met: 1) The attacker must have shell access to the machine on which Axis2 runs with any account. Obviously the vulnerability is interesting only if that account is unprivileged and different from the account Axis2 runs as.

RE: apache-commons-fileupload symlink vulnerability CVE-2013-0248

2015-07-23 Thread Martin Gainty
Mr Martin upgrade to commons.fileupload.version 1.3 in both modules/fastinfoset/pom.xml and modules/parent/pom.xml will mitigate CVE-2013-0248 modules/fastinfoset/pom.xml: commons-fileupload commons-fileupload 1.3 modules/parent/pom.xml: 1.3