[CONFSERVER-8978] Vulnerability against DoS attack via labels - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 2.5.6, 2.6.0
Affects Version/s: 2.5.4
Component/s: None
Labels:
Environment:

Standalone

Bug Fix Policy:
View Atlassian Server bug fix policy

Description:
When you give more labels to a content, then Confluence split up the user input on spaces, and then make az SQL query against each word (or something like this).

Exploit:
Giving x thousand characters (depends on the machine) separated by space as label results the system is breaking down.

causes

CONFSERVER-29910 Allow pages/spaces to be favorited by more than 500 users

Closed

mentioned in: Page Loading...

Assignee:: Samuel Le Berrigaud

Reporter:: Gergely Hodicska

Affected customers:: 2 This affects my team

Watchers:: 1 Start watching this issue

Created:: 23/Jul/2007 11:45 AM

Updated:: 11/Oct/2018 8:58 AM

Resolved:: 03/Aug/2007 1:20 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates