Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 4.4.1
Affects Version/s: None
Component/s: None
Labels:

Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

There is an arbitrary resource forwarding vulnerability in TotalityFilter. The vulnerability can be triggered via the JsonRewrite class, and can lead to execution of arbitrary JSP files or downloading configuration files under the WEB-INF.

relates to

FE-4449 Default application files available for download via the application server.

Closed

was cloned as

CRUC-8052 Arbitrary resource forwarding vulnerability in TotalityFilter

Closed

Assignee:: Unassigned

Reporter:: Piotr Swiecicki

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 17/Jul/2017 9:16 AM

Updated:: 31/Dec/2019 3:00 AM

Resolved:: 17/Jul/2017 9:17 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates