[#CONF-8978] Vulnerability against DoS attack via labels

Confluence

Vulnerability against DoS attack via labels

Created: 23/Jul/07 06:45 AM Updated: 03/Jul/08 04:55 AM

Component/s:

Labels, Security

Affects Version/s:

2.5.4

Fix Version/s:

2.5.6, 2.6.0

Time Tracking:

Not Specified

Environment:

Standalone

Participants:	Gergely Hodicska and Samuel Le Berrigaud [Atlassian]
Since last comment:	1 year, 2 weeks, 4 days ago
Resolution Date:	02/Aug/07 08:20 PM
Labels:

Description

« Hide

Description:
When you give more labels to a content, then Confluence split up the user input on spaces, and then make az SQL query against each word (or something like this).

Exploit:
Giving x thousand characters (depends on the machine) separated by space as label results the system is breaking down.

All

Comments

Work Log

Change History

Sort Order:

[ Permlink | « Hide ]

Samuel Le Berrigaud [Atlassian] added a comment - 01/Aug/07 01:49 AM

Hi Gergely,

can you be more precise on how to reproduce this problem? Which specfic methods of adding labels to Confluence were an issue?

Thankyou,
SaM & Donw

[ Permlink | « Hide ]

Gergely Hodicska added a comment - 02/Aug/07 05:30 AM

Hi SaM & Donw,

Sorry for the late answer: we experienced that if you input to the "add lables" field a long input like this: "a a a a a a ....." the system crashed, we had to restart Tomcat.

Best Regards,
Felhő

[ Permlink | « Hide ]

Samuel Le Berrigaud [Atlassian] added a comment - 02/Aug/07 08:20 PM

Introduced limits on how many labels can be added by adding labels or setting labels.