CVE-2013-4444
Apache Tomcat Unrestricted file upload vulnerability
EPSS 9.5%
Description
Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.
How to fix CVE-2013-4444
To remediate CVE-2013-4444, upgrade the affected package to the fixed version listed below.
- Maven/org.apache.tomcat:tomcat: upgrade to 7.0.40 or later
Is CVE-2013-4444 being exploited?
Moderate: EPSS is 9.5%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (1)
- Maven/org.apache.tomcat:tomcat: >= 7.0, < 7.0.40