Vulnerabilities > CVE-2012-2926 - Unspecified vulnerability in Atlassian products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
HIGH Summary
Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
Vulnerable Configurations
Exploit-Db
description | Atlassian Tempo 6.4.3, JIRA 5.0 0, Gliffy 3.7.0 XML Parsing Denial of Service Vulnerability. CVE-2012-2926. Dos exploit for jsp platform |
id | EDB-ID:37218 |
last seen | 2016-02-04 |
modified | 2012-05-17 |
published | 2012-05-17 |
reporter | anonymous |
source | https://www.exploit-db.com/download/37218/ |
title | Atlassian Tempo 6.4.3, JIRA 5.0 0, Gliffy 3.7.0 - XML Parsing Denial of Service Vulnerability |
Metasploit
description | This module simply attempts to read a remote file from the server using a vulnerability in the way Atlassian Crowd handles XML files. The vulnerability occurs while trying to expand external entities with the SYSTEM identifier. This module has been tested successfully on Linux and Windows installations of Crowd. |
id | MSF:AUXILIARY/SCANNER/HTTP/ATLASSIAN_CROWD_FILEACCESS |
last seen | 2019-11-22 |
modified | 2019-03-05 |
published | 2012-06-27 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/atlassian_crowd_fileaccess.rb |
title | Atlassian Crowd XML Entity Expansion Remote File Access |
Nessus
NASL family | CGI abuses |
NASL id | JIRA_5_0_1.NASL |
description | According to its self-reported version number, the version of Atlassian JIRA hosted on the remote web server is prior to 5.0.1. It is, therefore, potentially affected by an XML parsing flaw due to improper restrictions on the capabilities of third-party parsers. A remote, authenticated attacker can exploit this to perform a denial of service attack against JIRA. The Tempo and Gliffy plugins for JIRA are also affected by this vulnerability; however, Nessus did not confirm that these plugins are installed. If you are using these plugins with any version of JIRA, you should upgrade or disable them. Note that Nessus has not tested for these issues but has instead relied only on the application |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 59329 |
published | 2012-06-01 |
reporter | This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/59329 |
title | Atlassian JIRA < 5.0.1 XML Parsing DoS |
code |
|
References
- http://confluence.atlassian.com/display/BAMBOO/Bamboo+Security+Advisory+2012-05-17
- http://confluence.atlassian.com/display/BAMBOO/Bamboo+Security+Advisory+2012-05-17
- http://confluence.atlassian.com/display/CROWD/Crowd+Security+Advisory+2012-05-17
- http://confluence.atlassian.com/display/CROWD/Crowd+Security+Advisory+2012-05-17
- http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17
- http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17
- http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-05-17
- http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-05-17
- http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17
- http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17
- http://osvdb.org/81993
- http://osvdb.org/81993
- http://secunia.com/advisories/49146
- http://secunia.com/advisories/49146
- http://www.securityfocus.com/bid/53595
- http://www.securityfocus.com/bid/53595
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75682
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75682
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75697
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75697