Intrusion Prevention

Apache.Commons.FileUpload.DiskFileItem.Deserialization

Description

This indicates an attack attempt against an Insecure Desrialization vulnerability in Apache Commons Collections library.
The vulnerability is caused by deseralization of untrusted data due to a vulnerable version of Apache-Commons-FileUpload library in the software. An unauthenticated remote attacker is able to send a crafted serialized object to the target system and upload an arbitrary file.

Affected Products

Apache Commons FileUpload before 1.3.3

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.