High We have identified and fixed a vulnerability in Confluence that results from the way third-party XML parsers are used in Confluence. This vulnerability allows an attacker to:
- Execute denial of service attacks against the Confluence server, or
- Read all local files readable to the system user under which Confluence runs.
The attacker does not need to have an account with the affected Confluence instance.
All versions of Confluence up to and including 4.1.9 are affected.
Full details of the severity, risks and vulnerability can be found in the Confluence Security Advisory 2012-05-17.
![[Atlassian Documentation] Page](https://confluence.atlassian.com/images/icons/favicon.png "[Atlassian Documentation] Page"){kind=icon}
![[Atlassian Documentation] Page](/images/icons/generic_link_16.png "[Atlassian Documentation] Page"){kind=icon}
| Form Name | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
[CONFSERVER-25077] XML Vulnerability in Confluence
| Workflow | Original: JAC Bug Workflow v3 [ 2891828 ] | New: CONFSERVER Bug Workflow v4 [ 3001261 ] |
| Workflow | Original: JAC Bug Workflow v2 [ 2779407 ] | New: JAC Bug Workflow v3 [ 2891828 ] |
| Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
| Workflow | Original: JAC Bug Workflow [ 2720625 ] | New: JAC Bug Workflow v2 [ 2779407 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2384105 ] | New: JAC Bug Workflow [ 2720625 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 2278391 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2384105 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2220012 ] | New: Confluence Workflow - Public Facing - Restricted v5 [ 2278391 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2175206 ] | New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2220012 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 1939236 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2175206 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v3 [ 1738021 ] | New: Confluence Workflow - Public Facing - Restricted v5 [ 1939236 ] |
| Workflow | Original: CONF Bug Subtask WF (TEMP) [ 1697078 ] | New: Confluence Workflow - Public Facing - Restricted v3 [ 1738021 ] |