For this vulnerability to be exploitable, the following conditions must be met:
1) The attacker must have shell access to the machine on which Axis2
runs with any account. Obviously the vulnerability is interesting only
if that account is unprivileged and different from the account Axis2
runs as.
Mr Martin,
Upgrading to commons.fileupload.version 1.3 in both
modules/fastinfoset/pom.xml and
modules/parent/pom.xml
will mitigate CVE-2013-0248.
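modules/fastinfoset/pom.xml:
    <groupId>commons-fileupload</groupId>
    <artifactId>commons-fileupload</artifactId>
    <version>1.3</version>
modules/parent/pom.xml:
    <commons.fileupload.version>1.3</commons.fileupload.version>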
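One way to check that the upgrade suggested above has actually taken effect, shown as an added example that is not part of the original message or of the Axis2 code base. The POM contents are constructed samples, the function names are hypothetical, and it assumes the module may reference the parent's commons.fileupload.version property instead of a literal version.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (1, 3)  # the message above names 1.3 as the version that mitigates CVE-2013-0248

# Constructed sample POMs (not the real Axis2 files): the parent defines the
# property, the module references it.
PARENT_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <commons.fileupload.version>1.2.2</commons.fileupload.version>
  </properties>
</project>"""

MODULE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency>
      <groupId>commons-fileupload</groupId>
      <artifactId>commons-fileupload</artifactId>
      <version>${commons.fileupload.version}</version>
    </dependency>
  </dependencies>
</project>"""

def _strip_ns(root):
    """Drop XML namespaces so POMs with and without xmlns parse the same way."""
    for el in root.iter():
        el.tag = el.tag.split("}", 1)[-1]
    return root

def properties(pom_text):
    """Return the <properties> of a POM as a dict."""
    props = _strip_ns(ET.fromstring(pom_text)).find("properties")
    return {} if props is None else {p.tag: (p.text or "").strip() for p in props}

def fileupload_versions(pom_text, inherited=None):
    """Return [(resolved_version, needs_attention)] per commons-fileupload dependency."""
    root = _strip_ns(ET.fromstring(pom_text))
    props = {**(inherited or {}), **properties(pom_text)}
    out = []
    for dep in root.iter("dependency"):
        if dep.findtext("artifactId") != "commons-fileupload":
            continue
        raw = (dep.findtext("version") or "").strip()
        ver = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), raw)
        nums = tuple(int(n) for n in re.findall(r"\d+", ver)[:2])
        # Missing or unresolved versions are flagged for manual review.
        out.append((ver, "$" in ver or len(nums) < 2 or nums < FIXED))
    return out
```

Calling fileupload_versions(module_text, properties(parent_text)) on the two files named above reports the version the module really resolves to, which catches the case where only one of the two POMs was updated.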