[CONFSERVER-13092] Provide Patch for XWork ParametersInterceptor attacks - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 2.9.2
Affects Version/s: None
Component/s: None
Labels:
- security

Bug Fix Policy:
View Atlassian Server bug fix policy

Clarification Sorry, we should have filled in this before making the issue public.

The attached patch can be applied to any version of Confluence from 1.3 - 2.9.1. It works by filtering out URL parameters that are known to be dangerous. To apply the patch, follow the instructions given by Roberto below.

You do not need to patch Confluence 2.9.2 as it already includes this fix.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

ParameterFilterInterceptor.java
2 kB
23/Sep/2008 1:39 AM
ParameterFilterInterceptor.class
2 kB
23/Sep/2008 2:29 AM

Assignee:: CharlesA

Reporter:: m@ (Inactive)

Affected customers:: 0 This affects my team

Watchers:: 0 Start watching this issue

Created:: 22/Sep/2008 3:00 AM

Updated:: 11/Oct/2018 8:59 AM

Resolved:: 14/Oct/2008 12:31 AM

Details

Description

Attachments

Attachments

Forms

Activity

People

Dates