Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 3.5.16, 4.0.7, 4.1.10, 4.2
Affects Version/s: 4.1.9
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

We have identified and fixed a vulnerability in Confluence that results from the way third-party XML parsers are used in Confluence. This vulnerability allows an attacker to:

Execute denial of service attacks against the Confluence server, or
Read all local files readable to the system user under which Confluence runs.

The attacker does not need to have an account with the affected Confluence instance.

All versions of Confluence up to and including 4.1.9 are affected.

Full details of the severity, risks and vulnerability can be found in the Confluence Security Advisory 2012-05-17.

Attachments

Issue Links

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...

(5 mentioned in)

Activity

People

Assignee:: VitalyA

Reporter:: Andrew

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 30/Mar/2012 4:54 AM

Updated:: 11/Oct/2018 8:57 AM

Resolved:: 07/May/2012 1:03 AM