[CWD-2797] XML Vulnerability in Crowd - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 2.0.9, 2.1.2, 2.2.9, 2.3.7, 2.4.1
Affects Version/s: 2.0, 2.1, 2.2, 2.3, 2.4
Component/s: REST, SOAP
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

We have identified and fixed a vulnerability in Crowd that results from the way XML parsers are used. This vulnerability allows an attacker to:

Execute denial of service attacks against the Crowd server, or
Read all local files readable to the system user under which Crowd runs.

All versions of Crowd up to and including 2.4.0 are affected by this vulnerability.

Full details of the severity, risks and vulnerability can be found in the Crowd Security Advisory 2012-05-17.

mentioned in: Crowd Security Advisory 2012-05-17; Crowd Security Advisory 2012-05-17; Crowd Security Advisory 2012-05-17; Crowd Security Advisory 2012-05-17; Crowd Security Advisory 2012-05-17; Page Loading...; Page Loading...; Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...

(7 mentioned in)

Assignee:: VitalyA

Reporter:: joe

Affected customers:: 0 This affects my team

Watchers:: 3 Start watching this issue

Created:: 26/Mar/2012 6:55 AM

Updated:: 15/Aug/2019 7:05 AM

Resolved:: 12/Apr/2012 8:31 AM