Nir Goldshlager has discovered a vulnerability in atlassian-gadgets when parsing XML.

      Basically anyone can craft a URL containing a parameter with some XML that will make the instance run out of memory when trying to parse it.

      Details on the attack can be found on https://jira.atlassian.com/browse/JRA-38884

      The vulnerability was detected on our fork of apache shindig, which atlassian-gadgets depends on. We have made a fix and published a new version for it (1.0-incubating-atlassian-20) that solves the problem.

      Any product that uses atlassian-gadgets to render gadgets is vulnerable to this, and Confluence is one of those.

      You would need to check your current version of atlassian-gadgets and see which version of apache shindig it is using. Anything lower than 1.0-incubating-atlassian-20 would make Confluence vulnerable to this attack.

      The fix is quite easy, just bump the version of shindig on the version of gadgets that you are using. Then release a new version of gadgets and bump the version on Confluence to pick up the fix.

      If you need any details, ping me @jsanchez.
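The version check described in the issue, as an added example that is not part of the original ticket or Atlassian's code. It assumes the fork's jars are named `shindig-<module>-<version>.jar`; the sample file names and the directory passed on the command line are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# From the issue: 1.0-incubating-atlassian-20 is the first fixed fork release.
FIXED_BUILD = 20

# Assumed jar naming convention (not taken from the issue).
JAR_RE = re.compile(r"^shindig-(?P<module>[a-z-]+?)-(?P<version>\d[\w.\-]*)\.jar$")
FORK_RE = re.compile(r"^1\.0-incubating-atlassian-(?P<build>\d+)$")

# Constructed sample input, e.g. the listing of a webapp's lib directory.
SAMPLE_JARS = [
    "shindig-gadgets-1.0-incubating-atlassian-19.jar",
    "shindig-common-1.0-incubating-atlassian-9.jar",
    "shindig-features-1.0-incubating-atlassian-20.jar",
    "shindig-social-api-1.1-BETA5-incubating.jar",
    "commons-lang-2.6.jar",
]

def classify(version):
    """Return 'vulnerable', 'fixed', or 'unknown' for a shindig version string."""
    m = FORK_RE.match(version)
    if m is None:
        # Not an Atlassian fork build; the issue says nothing about these.
        return "unknown"
    # Compare the build number numerically so that 9 sorts below 20.
    return "vulnerable" if int(m.group("build")) < FIXED_BUILD else "fixed"

def scan(jar_names):
    """Map each shindig jar name to its status; other jars are ignored."""
    results = {}
    for name in jar_names:
        m = JAR_RE.match(name)
        if m:
            results[name] = classify(m.group("version"))
    return results

def scan_dir(lib_dir):
    """Scan a directory of jars (path supplied by the caller)."""
    return scan(p.name for p in Path(lib_dir).glob("shindig-*.jar"))

if __name__ == "__main__":
    found = scan_dir(sys.argv[1]) if len(sys.argv) > 1 else scan(SAMPLE_JARS)
    for jar, status in sorted(found.items()):
        print(f"{status:10} {jar}")
    sys.exit(1 if "vulnerable" in found.values() else 0)
```
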

            [CONFSERVER-34097] Remote DoS Exploit on Confluence


              ple Phong Quoc Le (Inactive)
              jsanchez@atlassian.com Jose Jaime Sanchez (Inactive)