[HTTP-3] Content spoofing through the application/mathml+xml content-type in the Mozilla Firefox Browser - CVE-2017-18103 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Medium
Labels:

Last commented by user?:
true

The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml.

is related to

BAM-19824 The bundled atlassian-http library had a content spoofing issue - CVE-2017-18103

Closed

BSERV-10740 The bundled atlassian-http library had a content spoofing issue - CVE-2017-18103

Closed

CONFSERVER-54906 Content spoofing in the attachment resource in the Firefox browser - CVE-2018-13389

Closed

CONFSERVER-55328 The bundled atlassian-http library had a content spoofing issue - CVE-2017-18103

Closed

CRUC-8214 The bundled atlassian-http library had a content spoofing issue - CVE-2017-18103

Closed

FE-7068 The bundled atlassian-http library had a content spoofing issue - CVE-2017-18103

Closed

JRASERVER-67612 The bundled atlassian-http library had a content spoofing issue - CVE-2017-18103

Closed

(2 is related to)

David Black made changes - 18/Jul/2018 5:59 AM

Link

New: This issue is related to ~~BSERV-10740~~ [ ~~BSERV-10740~~ ]

David Black made changes - 18/Jul/2018 5:56 AM

Link

New: This issue is related to ~~BAM-19824~~ [ ~~BAM-19824~~ ]

David Black made changes - 18/Jul/2018 5:53 AM

Link

New: This issue is related to ~~CONFSERVER-55328~~ [ ~~CONFSERVER-55328~~ ]

David Black made changes - 18/Jul/2018 5:50 AM

Link

New: This issue is related to ~~JRASERVER-67612~~ [ ~~JRASERVER-67612~~ ]

David Black made changes - 18/Jul/2018 5:18 AM

Link

New: This issue is related to ~~FE-7068~~ [ ~~FE-7068~~ ]

David Black made changes - 18/Jul/2018 5:18 AM

Link

New: This issue is related to ~~CRUC-8214~~ [ ~~CRUC-8214~~ ]

David Black made changes - 18/Jul/2018 5:01 AM

Link

New: This issue is detailed by FECRU-7495 [ FECRU-7495 ]

David Black made changes - 18/Jul/2018 4:54 AM

Link

New: This issue is detailed by JRASERVER-65933 [ JRASERVER-65933 ]

David Black made changes - 18/Jul/2018 4:50 AM

Resolution		New: Fixed [ 1 ]
Status	Original: Reopened [ 4 ]	New: Closed [ 6 ]

David Black made changes - 18/Jul/2018 4:49 AM

Description

Original: The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/mathml+xml.

New: The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml.

Assignee:: David Black

Reporter:: David Black

Participants:: David Black

Affected customers:: 0 This affects my team

Watchers:: 1 Start watching this issue

Created:: 18/Jul/2018 4:36 AM

Updated:: 18/Jul/2018 5:59 AM

Resolved:: 18/Jul/2018 4:50 AM

Last commented:: 6 years, 42 weeks, 2 days ago

Details

Description

Attachments

Issue Links

Forms

Activity

[HTTP-3] Content spoofing through the application/mathml+xml content-type in the Mozilla Firefox Browser - CVE-2017-18103

People

Dates