Web application abuses : Atlassian Confluence XSS and Insecure Direct Object Reference Vulnerabilities

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.806815

Kategorie: Web application abuses

Titel: Atlassian Confluence XSS and Insecure Direct Object Reference Vulnerabilities

Zusammenfassung: Atlassian Confluence is prone to cross site scripting and insecure direct object reference vulnerabilities.

Beschreibung: Summary:
Atlassian Confluence is prone to cross site scripting and insecure direct object reference vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to

- An improper sanitization of user supplied input via different parameters
in the REST API.

- An Insecure Direct Object Reference via parameter 'decoratorName'.

Vulnerability Impact:
Successful exploitation will allow remote
attackers to execute arbitrary script code in a user's browser session
and to read configuration files from the application.

Affected Software/OS:
Confluence versions 5.9.1, 5.8.14
5.8.15, 5.2.

Solution:
Upgrade to Confluence version 5.8.17 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-8398
Bugtraq: 20160104 Confluence Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/537232/100/0/threaded
https://www.exploit-db.com/exploits/39170/
Common Vulnerability Exposure (CVE) ID: CVE-2015-8399

Copyright Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.806815
Kategorie:	Web application abuses
Titel:	Atlassian Confluence XSS and Insecure Direct Object Reference Vulnerabilities
Zusammenfassung:	Atlassian Confluence is prone to cross site scripting and insecure direct object reference vulnerabilities.
Beschreibung:	Summary: Atlassian Confluence is prone to cross site scripting and insecure direct object reference vulnerabilities. Vulnerability Insight: Multiple flaws are due to - An improper sanitization of user supplied input via different parameters in the REST API. - An Insecure Direct Object Reference via parameter 'decoratorName'. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary script code in a user's browser session and to read configuration files from the application. Affected Software/OS: Confluence versions 5.9.1, 5.8.14 5.8.15, 5.2. Solution: Upgrade to Confluence version 5.8.17 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-8398 Bugtraq: 20160104 Confluence Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/537232/100/0/threaded https://www.exploit-db.com/exploits/39170/ Common Vulnerability Exposure (CVE) ID: CVE-2015-8399
Copyright	Copyright (C) 2016 Greenbone AG