Issue Details (XML | Word | Printable)

Key: CONF-8979
Type: Bug Bug
Status: Resolved Resolved
Resolution: Fixed
Priority: Critical Critical
Assignee: Samuel Le Berrigaud [Atlassian]
Reporter: Gergely Hodicska
Votes: 2
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
Confluence

Vulnerability against DoS attack at permission setting

Created: 23/Jul/07 06:49 AM   Updated: 07/Aug/07 08:46 PM
Component/s: Permissions, Security
Affects Version/s: 2.5.4
Fix Version/s: 2.5.6, 2.6.0

Time Tracking:
Not Specified

Environment: Standalone

Participants: Gergely Hodicska and Samuel Le Berrigaud [Atlassian]
Since last comment: 1 year, 5 weeks, 5 days ago
Resolution Date: 30/Jul/07 11:10 PM
Labels:


 Description  « Hide
Description:
This bug is similar like this one: http://jira.atlassian.com/browse/CONF-8978.

Exploit:
Insert to the "Grant permission to" field x thousand comma without sapce.

 All   Comments   Work Log   Change History      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Samuel Le Berrigaud [Atlassian] added a comment - 30/Jul/07 11:10 PM
Defended against DoS attack on permission grant fields by limiting the allowed number of users to 20.


Powered by Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13-#330) - Bug/feature request - Atlassian news - Contact Administrators