Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 6.3
Affects Version/s: 4.2.4, 6.2.7
Component/s: Issue - View Issue
Labels:

Introduced in Version:
4.02
Symptom Severity:
Severity 1 - Critical
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Affected Versions
4.2.4 <= version < 6.3.0

An anonymous user can perform multiple attacks on a vulnerable JIRA instance that could cause remote code execution, the disclosure of private files or execute a denial of service attack against the JIRA server. This vulnerability is caused by the way an XML parser and deserializer was used in JIRA.

For additional details see the full advisory.

Attachments

Issue Links

mentioned in: Page Loading...; Page Loading...

Activity

People

Assignee:: Matt Hart (Inactive)

Reporter:: Matt Hart (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 13 Start watching this issue

Dates

Created:: 13/Feb/2017 4:43 AM

Updated:: 14/Jul/2020 5:59 AM

Resolved:: 13/Feb/2017 4:44 AM