[CONFSERVER-14704] Impropper sanitisation of attachment filenames allows header injection - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 2.10.3
Affects Version/s: 2.3
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

An attacker can craft a specific attachment filename, or rename the file once it has been uploaded to introduce arbitrary headers into the response stream

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

HeaderSanitisingFilter.class
15/Apr/2009 1:29 AM
2 kB
Andrew Lynch
HeaderSanitisingResponseWrapper.class
15/Apr/2009 1:29 AM
3 kB
Andrew Lynch
Picture 64.png
26/Feb/2009 12:44 AM
37 kB
David Cheney

Assignee:: Andrew Lynch (Inactive)

Reporter:: David Cheney (Inactive)

Affected customers:: 0 This affects my team

Watchers:: 1 Start watching this issue

Created:: 26/Feb/2009 12:44 AM

Updated:: 11/Oct/2018 8:53 AM

Resolved:: 24/Mar/2009 5:18 AM

Details

Description

Attachments

Attachments

Forms

Activity

People

Dates