[CONFSERVER-14275] HTTP Header Injection vulnerability: os_destination value not properly escaped when used as redirect location

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 2.10.2
Affects Version/s: None
Component/s: None
Labels:
- security

Bug Fix Policy:
View Atlassian Server bug fix policy

Issue to track the Seraph security vulnerability, SER-127, and including the fix in Confluence (once it is fixed).

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

atlassian-seraph-0.38.3.jar
146 kB
17/Feb/2009 4:31 AM

Form Name

Andrew Lynch (Inactive) added a comment - 17/Feb/2009 4:34 AM - edited

Instructions for installing the patch

Attached to this JIRA issue is the patched jar file that will correct this problem.

Simply remove the existing atlassian-seraph-0.38-<version>.jar file from your WEB-INF/lib folder and replace it with the atlassian-seraph-0.38.3.jar file attached to this JIRA issue.

Note: You will need to restart your application server running Confluence for this patch to take effect.

This patch should be compatible with Confluence 2.8.2 upwards.

Regards,
Andrew Lynch

Andrew Lynch (Inactive) added a comment - 17/Feb/2009 4:34 AM - edited Instructions for installing the patch Attached to this JIRA issue is the patched jar file that will correct this problem. Simply remove the existing atlassian-seraph-0.38-<version>.jar file from your WEB-INF/lib folder and replace it with the atlassian-seraph-0.38.3.jar file attached to this JIRA issue. Note: You will need to restart your application server running Confluence for this patch to take effect. This patch should be compatible with Confluence 2.8.2 upwards. Regards, Andrew Lynch

Matt Ryall added a comment - 17/Feb/2009 4:18 AM

Andrew, we need a patch (new version of Seraph?) attached here for Confluence versions 2.8.x and 2.9.x.

Matt Ryall added a comment - 17/Feb/2009 4:18 AM Andrew, we need a patch (new version of Seraph?) attached here for Confluence versions 2.8.x and 2.9.x.

Matt Ryall added a comment - 23/Jan/2009 5:00 AM

We should probably check with JIRA to see if they have an acceptance test we can use to test for this vulnerability in Confluence.

Matt Ryall added a comment - 23/Jan/2009 5:00 AM We should probably check with JIRA to see if they have an acceptance test we can use to test for this vulnerability in Confluence.

Assignee:: Andrew Lynch (Inactive)

Reporter:: Matt Ryall

Affected customers:: 0 This affects my team

Watchers:: 4 Start watching this issue

Created:: 23/Jan/2009 3:39 AM

Updated:: 30/Mar/2022 7:11 AM

Resolved:: 03/Feb/2009 2:34 AM

Details

Description

Attachments

Attachments

Forms

Activity

Collapse comment: Andrew Lynch (Inactive) added a comment - 17/Feb/2009 4:34 AM, Edited by Giles Gaskell [Atlassian] - 18/Feb/2009 3:11 AM

Expand comment: Andrew Lynch (Inactive) added a comment - 17/Feb/2009 4:34 AM, Edited by Giles Gaskell [Atlassian] - 18/Feb/2009 3:11 AM

Collapse comment: Matt Ryall added a comment - 17/Feb/2009 4:18 AM

Expand comment: Matt Ryall added a comment - 17/Feb/2009 4:18 AM

Collapse comment: Matt Ryall added a comment - 23/Jan/2009 5:00 AM

Expand comment: Matt Ryall added a comment - 23/Jan/2009 5:00 AM

People

Dates