IMPORTANT: JAC is a Public system and anyone on the internet will be able to view the data in the created JAC tickets. Please don’t include Customer or Sensitive data in the JAC ticket.

    • 10
    • Critical
    • CVE-2016-10750

      Summary
      A remote attacker who can connect to the Hazelcast service, running on port 5801 (and potentially 5701), is able to execute arbitrary code on all the nodes in a Confluence Data Center through Java deserialization.

      Vulnerability Details
      Confluence Data Center uses the third-party software Hazelcast, which is vulnerable to Java deserialization attacks (CVE-2016-10750). Hazelcast provides functionality needed to run Confluence Data Center as a cluster. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted JoinRequest, resulting in arbitrary code execution.

      The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.

            Loading...
            IMPORTANT: JAC is a Public system and anyone on the internet will be able to view the data in the created JAC tickets. Please don’t include Customer or Sensitive data in the JAC ticket.

              • 10
              • Critical
              • CVE-2016-10750

                Summary
                A remote attacker who can connect to the Hazelcast service, running on port 5801 (and potentially 5701), is able to execute arbitrary code on all the nodes in a Confluence Data Center through Java deserialization.

                Vulnerability Details
                Confluence Data Center uses the third-party software Hazelcast, which is vulnerable to Java deserialization attacks (CVE-2016-10750). Hazelcast provides functionality needed to run Confluence Data Center as a cluster. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted JoinRequest, resulting in arbitrary code execution.

                The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.

                        Unassigned Unassigned
                        security-metrics-bot Security Metrics Bot
                        Votes:
                        0 Vote for this issue
                        Watchers:
                        2 Start watching this issue

                          Created:
                          Updated:
                          Resolved:

                            Unassigned Unassigned
                            security-metrics-bot Security Metrics Bot
                            Votes:
                            0 Vote for this issue
                            Watchers:
                            2 Start watching this issue

                              Created:
                              Updated:
                              Resolved: