CVE-2012-2926
Atlassian Tempo 6.4.3 / JIRA 5.0.0 / Gliffy 3.7.0 - XML Parsing Denial of Service
Public Exploits: 1
Exploited in Wild: -
Descriptions
Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
Timeline
- 2012-05-17 First Exploit
- 2012-05-22 CVE Reserved
- 2012-05-22 CVE Published
- 2024-02-19 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
References (11)
URL | Tag | Source |
---|---|---|
http://osvdb.org/81993 | Broken Link | |
http://secunia.com/advisories/49146 | Not Applicable | |
http://www.securityfocus.com/bid/53595 | Third Party Advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/75682 | Third Party Advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/75697 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/37218 | 2012-05-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Atlassian | Bamboo | < 3.3.4 | - | Affected |
Atlassian | Bamboo | >= 3.4 < 3.4.5 | - | Affected |
Atlassian | Confluence | < 3.5.16 | - | Affected |
Atlassian | Confluence Server | >= 4.0 < 4.0.7 | - | Affected |
Atlassian | Confluence Server | >= 4.1 < 4.1.10 | - | Affected |
Atlassian | Crowd | < 2.0.9 | - | Affected |
Atlassian | Crowd | >= 2.1 < 2.1.2 | - | Affected |
Atlassian | Crowd | >= 2.2.0 < 2.2.9 | - | Affected |
Atlassian | Crowd | >= 2.3.0 < 2.3.7 | - | Affected |
Atlassian | Crowd | >= 2.4.0 < 2.4.1 | - | Affected |
Atlassian | Crucible | < 2.5.8 | - | Affected |
Atlassian | Crucible | >= 2.6 < 2.6.8 | - | Affected |
Atlassian | Crucible | >= 2.7 < 2.7.12 | - | Affected |
Atlassian | Fisheye | < 2.5.8 | - | Affected |
Atlassian | Fisheye | >= 2.6 < 2.6.8 | - | Affected |
Atlassian | Fisheye | >= 2.7 < 2.7.12 | - | Affected |
Atlassian | Jira | < 5.0.1 | - | Affected |