Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-14704

Impropper sanitisation of attachment filenames allows header injection

XMLWordPrintable

      An attacker can craft a specific attachment filename, or rename the file once it has been uploaded to introduce arbitrary headers into the response stream

        1. HeaderSanitisingFilter.class
          2 kB
          Andrew Lynch
        2. HeaderSanitisingResponseWrapper.class
          3 kB
          Andrew Lynch
        3. Picture 64.png
          37 kB
          David Cheney

            [CONFSERVER-14704] Impropper sanitisation of attachment filenames allows header injection

            Katherine Yabut made changes -
            Workflow Original: JAC Bug Workflow v3 [ 2888453 ] New: CONFSERVER Bug Workflow v4 [ 2981980 ]
            Owen made changes -
            Workflow Original: JAC Bug Workflow v2 [ 2798247 ] New: JAC Bug Workflow v3 [ 2888453 ]
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            Owen made changes -
            Workflow Original: JAC Bug Workflow [ 2733827 ] New: JAC Bug Workflow v2 [ 2798247 ]
            Owen made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2399225 ] New: JAC Bug Workflow [ 2733827 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 [ 2297645 ] New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2399225 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2232859 ] New: Confluence Workflow - Public Facing - Restricted v5 [ 2297645 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2193441 ] New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2232859 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 [ 1934413 ] New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2193441 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v3 [ 1733961 ] New: Confluence Workflow - Public Facing - Restricted v5 [ 1934413 ]
            Katherine Yabut made changes -
            Workflow Original: CONF Bug Subtask WF (TEMP) [ 1692507 ] New: Confluence Workflow - Public Facing - Restricted v3 [ 1733961 ]

              alynch Andrew Lynch (Inactive)
              dcheney David Cheney (Inactive)
              Affected customers:
              0 This affects my team
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: