[HTTP-3] Content spoofing through the application/mathml+xml content-type in the Mozilla Firefox Browser - CVE-2017-18103 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Medium
Labels:

Last commented by user?:
true

The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml.

is related to

BAM-19824 The bundled atlassian-http library had a content spoofing issue - CVE-2017-18103

Closed

BSERV-10740 The bundled atlassian-http library had a content spoofing issue - CVE-2017-18103

Closed

CONFSERVER-54906 Content spoofing in the attachment resource in the Firefox browser - CVE-2018-13389

Closed

CONFSERVER-55328 The bundled atlassian-http library had a content spoofing issue - CVE-2017-18103

Closed

CRUC-8214 The bundled atlassian-http library had a content spoofing issue - CVE-2017-18103

Closed

FE-7068 The bundled atlassian-http library had a content spoofing issue - CVE-2017-18103

Closed

JRASERVER-67612 The bundled atlassian-http library had a content spoofing issue - CVE-2017-18103

Closed

(2 is related to)

David Black added a comment - 18/Jul/2018 4:45 AM

This is an independent assessment and you should evaluate its applicability to your own IT environment.
CVSS v3 score: 4.7 => Medium severity

Exploitability Metrics

Attack Vector	Network
Attack Complexity	Low
Privileges Required	None
User Interaction	Required

Scope Metric

Scope	Changed

Impact Metrics

Confidentiality	Low
Integrity	None
Availability	None

https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

David Black added a comment - 18/Jul/2018 4:45 AM This is an independent assessment and you should evaluate its applicability to your own IT environment. CVSS v3 score: 4.7 => Medium severity Exploitability Metrics Attack Vector Network Attack Complexity Low Privileges Required None User Interaction Required Scope Metric Scope Changed Impact Metrics Confidentiality Low Integrity None Availability None https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

Assignee:: David Black

Reporter:: David Black

Participants:: David Black

Affected customers:: 0 This affects my team

Watchers:: 1 Start watching this issue

Created:: 18/Jul/2018 4:36 AM

Updated:: 18/Jul/2018 5:59 AM

Resolved:: 18/Jul/2018 4:50 AM

Last commented:: 6 years, 39 weeks, 2 days ago

Details

Description

Attachments

Issue Links

Forms

Activity

[HTTP-3] Content spoofing through the application/mathml+xml content-type in the Mozilla Firefox Browser - CVE-2017-18103

Collapse comment: David Black added a comment - 18/Jul/2018 4:45 AM

Expand comment: David Black added a comment - 18/Jul/2018 4:45 AM

People

Dates