Provide Patch for XWork ParametersInterceptor attacks

XMLWordPrintable

    • Type: Bug
    • Resolution: Fixed
    • Priority: High
    • 2.9.2
    • Affects Version/s: None
    • Component/s: None

      Clarification Sorry, we should have filled in this before making the issue public.

      The attached patch can be applied to any version of Confluence from 1.3 - 2.9.1. It works by filtering out URL parameters that are known to be dangerous. To apply the patch, follow the instructions given by Roberto below.

      You do not need to patch Confluence 2.9.2 as it already includes this fix.

        1. ParameterFilterInterceptor.class
          2 kB
          m@
        2. ParameterFilterInterceptor.java
          2 kB
          m@

            Assignee:
            CharlesA
            Reporter:
            m@ (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: