- Bug
- Resolution: Fixed
- Medium
- all, 7.1.0
- Severity 2 - Major
The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1, allows local system attackers who have permission to write a DLL file in a directory in the global PATH environment variable to inject code and escalate their privileges via a DLL hijacking vulnerability.
Acknowledgment
We would like to thank Peleg Hadar of SafeBreach Labs for reporting this vulnerability.
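
The precondition in the description above is a directory on the machine-wide PATH that a non-administrative account can write to. The PowerShell audit below is an added example, not code from Atlassian or from the reporter. It lists those directories so their ACLs can be tightened. The `$trusted` list and the English principal names are assumptions to adjust for your environment.

```powershell
# Added example: list machine-wide PATH directories that principals outside a
# trusted set can write to. Run it on the Windows host that runs Confluence.
# Assumption: principal names as shown on an English-language Windows install.
$trusted = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller'
)

# Rights that let a principal drop a file, or grant itself that right.
# 0x50000000 covers the raw GENERIC_ALL / GENERIC_WRITE bits Get-Acl may report.
$rights      = [System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData, ChangePermissions, TakeOwnership'
$writeMask   = [int]$rights -bor 0x50000000
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

$dirs = [Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';' |
    Where-Object { $_.Trim() } |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim()) } |
    Select-Object -Unique

$findings = foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        # A missing entry is still searched; whoever can create it controls it.
        [pscustomobject]@{ Directory = $dir; Principal = '(n/a)'; Issue = 'Directory does not exist' }
        continue
    }
    try {
        $acl = Get-Acl -LiteralPath $dir -ErrorAction Stop
    } catch {
        [pscustomobject]@{ Directory = $dir; Principal = '(n/a)'; Issue = "ACL unreadable: $($_.Exception.Message)" }
        continue
    }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs apply to children, not to the directory itself.
        if ($ace.PropagationFlags -band $inheritOnly) { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        if ([int]$ace.FileSystemRights -band $writeMask) {
            [pscustomobject]@{ Directory = $dir; Principal = $ace.IdentityReference.Value; Issue = "Write access: $($ace.FileSystemRights)" }
        }
    }
}

$findings | Sort-Object Directory, Principal | Format-Table -AutoSize -Wrap
```

An empty result means no machine-wide PATH entry is writable by an untrusted principal. Any row it does print is a directory to lock down or remove from PATH, in addition to upgrading to a fixed Confluence version.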