[CONFSERVER-14275] HTTP Header Injection vulnerability: os_destination value not properly escaped when used as redirect location

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 2.10.2
Affects Version/s: None
Component/s: None
Labels:
- security

Bug Fix Policy:
View Atlassian Server bug fix policy

Issue to track the Seraph security vulnerability, SER-127, and including the fix in Confluence (once it is fixed).

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

atlassian-seraph-0.38.3.jar
146 kB
17/Feb/2009 4:31 AM

IT Team made changes - 30/Mar/2022 7:11 AM

Comment

[ we are using {*}atlassian-seraph-4.0.4.jar{*}. So we also need to replace it with 0.38.3 because we are already with the latest version. ]

Katherine Yabut made changes - 13/Nov/2018 4:41 AM

Workflow

Original: JAC Bug Workflow v3 [ 2875985 ]

New: CONFSERVER Bug Workflow v4 [ 2981926 ]

Owen made changes - 11/Oct/2018 8:38 AM

Workflow	Original: JAC Bug Workflow v2 [ 2775808 ]	New: JAC Bug Workflow v3 [ 2875985 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

Owen made changes - 29/Aug/2018 11:11 PM

Workflow

Original: JAC Bug Workflow [ 2711400 ]

New: JAC Bug Workflow v2 [ 2775808 ]

Owen made changes - 02/Jul/2018 6:47 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2376856 ]

New: JAC Bug Workflow [ 2711400 ]

Katherine Yabut made changes - 22/Jun/2017 6:46 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 [ 2264673 ]

New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2376856 ]

Katherine Yabut made changes - 31/May/2017 5:30 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2213520 ]

New: Confluence Workflow - Public Facing - Restricted v5 [ 2264673 ]

Katherine Yabut made changes - 31/May/2017 4:54 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2162323 ]

New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2213520 ]

Katherine Yabut made changes - 31/May/2017 1:57 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 [ 1918587 ]

New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2162323 ]

Katherine Yabut made changes - 03/Apr/2017 3:56 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v3 [ 1723138 ]

New: Confluence Workflow - Public Facing - Restricted v5 [ 1918587 ]

Assignee:: Andrew Lynch (Inactive)

Reporter:: Matt Ryall

Affected customers:: 0 This affects my team

Watchers:: 4 Start watching this issue

Created:: 23/Jan/2009 3:39 AM

Updated:: 30/Mar/2022 7:11 AM

Resolved:: 03/Feb/2009 2:34 AM

Details

Description

Attachments

Attachments

Forms

Activity

People

Dates