CVE-2013-4444
12.09.2014, 01:55
Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.
| Vendor | Product | Version |
|---|---|---|
| apache | tomcat | 𝑥 ≤ 7.0.39 |
| apache | tomcat | 7.0.0 |
| apache | tomcat | 7.0.0:beta |
| apache | tomcat | 7.0.1 |
| apache | tomcat | 7.0.2 |
| apache | tomcat | 7.0.2:beta |
| apache | tomcat | 7.0.3 |
| apache | tomcat | 7.0.4 |
| apache | tomcat | 7.0.4:beta |
| apache | tomcat | 7.0.10 |
| apache | tomcat | 7.0.11 |
| apache | tomcat | 7.0.12 |
| apache | tomcat | 7.0.13 |
| apache | tomcat | 7.0.14 |
| apache | tomcat | 7.0.15 |
| apache | tomcat | 7.0.16 |
| apache | tomcat | 7.0.17 |
| apache | tomcat | 7.0.18 |
| apache | tomcat | 7.0.19 |
| apache | tomcat | 7.0.20 |
| apache | tomcat | 7.0.21 |
| apache | tomcat | 7.0.22 |
| apache | tomcat | 7.0.23 |
| apache | tomcat | 7.0.24 |
| apache | tomcat | 7.0.25 |
| apache | tomcat | 7.0.26 |
| apache | tomcat | 7.0.27 |
| apache | tomcat | 7.0.28 |
| apache | tomcat | 7.0.29 |
| apache | tomcat | 7.0.30 |
| apache | tomcat | 7.0.31 |
| apache | tomcat | 7.0.32 |
| apache | tomcat | 7.0.33 |
| apache | tomcat | 7.0.34 |
| apache | tomcat | 7.0.35 |
| apache | tomcat | 7.0.36 |
| apache | tomcat | 7.0.37 |
| apache | tomcat | 7.0.38 |
𝑥
= Vulnerable software versions
Ubuntu Releases
References