Details
-
Suggestion
-
Resolution: Timed out
-
None
-
None
-
1
-
Description
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.
There is an issue in server instances of Confluence caused by arbitrary HOST header of redirection. There have been a number of security issues in non-atlassian software caused by using the HOST header of an incoming request. Therefore, this suggestion issue to request that when Confluence sees a request with a HOST header that does not match the instance's server url to redirect the request to the server url.
Attachments
Issue Links
- relates to
-
JRASERVER-44574 Redirect requests that have a different HOST header than what JIRA is configured to serve for to the correct (configured) JIRA server url.
- Closed
-
CONFCLOUD-39636 Redirect requests that have a different HOST header than what is configured to the correct (configured) server url.
- Gathering Interest
-
CSP-181918 Loading...
- links to
- mentioned in
-
Page Loading...