Red Hat Security Advisory 2016-0070-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to gain additional access to resources such as RAM and disk space.
e73b61bb8856329558f3b1fe6a7f3f2ec02da96fe2e70154bb79cba5ab14ce31
Debian Linux Security Advisory 2827-1 - It was discovered that Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications, incorrectly handled file names with NULL bytes in serialized instances. A remote attacker able to supply a serialized instance of the DiskFileItem class, which will be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is accessible to the user running the application server process.
b144c83429845a0742d8eec386e2ad9aa7daae1d23198f019d146d224192183a
Ubuntu Security Notice 2029-1 - It was discovered that Apache Commons FileUpload incorrectly handled file names with NULL bytes in serialized instances. An attacker could use this issue to possibly write to arbitrary files.
e46f28c46612b15cb45c3973ca0a42be6548193b0092ba892008a75ab4d2f9b3
Red Hat Security Advisory 2013-1448-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. A flaw was found in the way the DiskFileItem class handled NULL characters in file names. A remote attacker able to supply a serialized instance of the DiskFileItem class, which will be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is accessible to the user running the application server process.
03fa7e52d5b3150d12a62cd92687cd74e25829acb9a583514ad4089323ece6f9
Red Hat Security Advisory 2013-1442-01 - The Apache Commons FileUpload component can be used to add a file upload capability to your applications. A flaw was found in the way the DiskFileItem class handled NULL characters in file names. A remote attacker able to supply a serialized instance of the DiskFileItem class, which will be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is accessible to the user running the application server process. All users of the affected products as provided from the Red Hat Customer Portal are advised to apply this update.
09a83cfadcd0718be4cf3282cc62e3a06504e0e11a5570e51089886170ee834f
Red Hat Security Advisory 2013-1429-01 - The Apache Commons FileUpload component can be used to add a file upload capability to your applications. A flaw was found in the way the DiskFileItem class handled NULL characters in file names. A remote attacker able to supply a serialized instance of the DiskFileItem class, which will be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is accessible to the user running the application server process. All users of Red Hat JBoss Web Server 1.0.2 as provided from the Red Hat Customer Portal are advised to apply this update.
e4609645f4cd637011a2643599aa3263a831c9a6435202a828d6adef065e469f
Red Hat Security Advisory 2013-1430-01 - The Apache Commons FileUpload component can be used to add a file upload capability to your applications. A flaw was found in the way the DiskFileItem class handled NULL characters in file names. A remote attacker able to supply a serialized instance of the DiskFileItem class, which will be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is accessible to the user running the application server process. All users of the affected products as provided from the Red Hat Customer Portal are advised to apply this update.
8b2547fa6d3975c3a91727576e45109a28a17517cad7448a131a2f7b6230c3f5
Red Hat Security Advisory 2013-1428-01 - The Apache Commons FileUpload component can be used to add a file upload capability to your applications. A flaw was found in the way the DiskFileItem class handled NULL characters in file names. A remote attacker able to supply a serialized instance of the DiskFileItem class, which will be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is accessible to the user running the application server process. Warning: Before applying the update, back up your existing Red Hat JBoss Enterprise Web Server installation.
b976071b14d373df151db7787b9d20fe22a7a606d389e8f152187779ade395e2