CVE-2013-4444

medium Apache
CVSS v3 Base Score
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS Score
9.5%
Exploitation probability in 30 days
Top 7% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P
Published: September 12, 2014 (4263 days ago)
Last Modified: May 6, 2026
Vendor: Apache
Source: NVD

Description

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.

CWE

CWE-94

Affected Products

apache tomcat

References

🔗 archives.neohapsis.com 🔗 marc.info 🔗 openwall.com 🔗 seclists.org 🔗 tomcat.apache.org