Apache.Commons.FileUpload.DiskFileItem.Deserialization
Description
This indicates an attack attempt against an Insecure Deserialization vulnerability in the Apache Commons Collections library.
The vulnerability is caused by deserialization of untrusted data due to a vulnerable version of the Apache Commons FileUpload library in the software. An unauthenticated remote attacker can send a crafted serialized object to the target system and upload an arbitrary file.
Affected Products
Apache Commons FileUpload before 1.3.3
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the latest update from the vendor.
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
https://issues.apache.org/jira/browse/FILEUPLOAD-279
Coverage
IPS (Regular DB)
IPS (Extended DB)
Version Updates
Date | Version | Detail |
---|---|---|
2023-04-26 | 23.541 | Sig Added |
2021-12-07 | 19.211 | Sig Added |
2021-12-07 | 19.209 | Sig Added |
2019-06-10 | 14.629 | Severity:high:critical |
2018-12-04 | 13.502 | Sig Added |
2018-11-13 | 13.489 | Sig Added |
2018-11-07 | 13.486 | Name:Oracle.WebLogic.Server.Commons.FileUpload.Deserialization:Apache.Commons.FileUpload.DiskFileItem.Deserialization |