Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 5.1.5, 5.2.3, 5.2-OD-13-1
Affects Version/s: 3.5.16, 4.0.7, 4.1.10, 4.2.13, 4.3.7, 5.1.4, 5.2
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

We have fixed a vulnerability in our version of Xwork. In specific circumstances, attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. The attacker needs to be able to access the Confluence web interface. A valid user account is not required to exploit this vulnerability.

The vulnerability affects all versions of Confluence up to and including 5.1.4.

No other Atlassian products are affected.

For more information on this issue, including full instructions on patches and workarounds, please see the security advisory here.

Our thanks to Reginaldo Silva who reported this vulnerability.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

xwork-1.0.3.6.jar
152 kB
03/Aug/2013 8:07 AM

Issue Links

causes

CONFSERVER-30220 Redirect for login can break

Closed

mentioned in: Page Loading...; Page Loading...; Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Page Loading...

relates to: MKT-8006 Loading...

(4 mentioned in, 1 relates to)

Activity

People

Assignee:: Unassigned

Reporter:: VitalyA

Votes:: 0 Vote for this issue

Watchers:: 17 Start watching this issue

Dates

Created:: 03/Aug/2013 8:00 AM

Updated:: 11/Oct/2018 8:59 AM

Resolved:: 03/Aug/2013 8:33 AM