Re: apache-commons-fileupload symlink vulnerability CVE-2013-0248

2015-08-01 Thread Andreas Veithen
For this vulnerability to be exploitable, the following conditions must be met: 1) The attacker must have shell access to the machine on which Axis2 runs with any account. Obviously the vulnerability is interesting only if that account is unprivileged and different from the account Axis2 runs as.

RE: apache-commons-fileupload symlink vulnerability CVE-2013-0248

2015-07-23 Thread Martin Gainty
@axis.apache.org Subject: apache-commons-fileupload symlink vulnerability CVE-2013-0248 From: charlie.mar...@uk.ibm.com Date: Thu, 23 Jul 2015 11:41:06 +0100 Hi, The current (v1.6.3) and previous releases of Axis2 contain the apache commons

apache-commons-fileupload symlink vulnerability CVE-2013-0248

2015-07-23 Thread Charlie Martin
Hi, The current (v1.6.3) and previous releases of Axis2 contain the apache commons-fileupload-1.2.jar. This jar is flagged as being vulnerable to CVE-2013-0248. Could anyone confirm if either: This vulnerability is not applicable to the use of the jar in Axis2 If an update is planned Details