Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-13092

Provide Patch for XWork ParametersInterceptor attacks

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: High High
    • 2.9.2
    • None
    • None

      Clarification Sorry, we should have filled in this before making the issue public.

      The attached patch can be applied to any version of Confluence from 1.3 - 2.9.1. It works by filtering out URL parameters that are known to be dangerous. To apply the patch, follow the instructions given by Roberto below.

      You do not need to patch Confluence 2.9.2 as it already includes this fix.

        1. ParameterFilterInterceptor.class
          2 kB
        2. ParameterFilterInterceptor.java
          2 kB

              cmiller CharlesA
              mjensen m@ (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: