Lucene search

MitreCVE-2012-2928

HistoryMay 22, 2012 - 3:55 p.m.

CVE-2012-2928

2012-05-2215:55:02

CWE-264

mitre

web.nvd.nist.gov

cve-2012-2928

gliffy

atlassian jira

atlassian confluence

xml parsing

remote code execution

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

AI Score

7.1

Confidence

Low

EPSS

0.017

Percentile

87.7%

JSON

The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

Affected configurations

Nvd

Node

gliffygliffyRange≤3.7

AND

atlassianjiraRange≤5.0.0

Node

gliffygliffyRange≤3.7

gliffygliffyMatch1.0.1

gliffygliffyMatch2.0.0

gliffygliffyMatch2.0.1

gliffygliffyMatch2.1.0

gliffygliffyMatch2.1.1

gliffygliffyMatch2.1.2

gliffygliffyMatch2.1.3

gliffygliffyMatch2.2.0

gliffygliffyMatch2.2.1

gliffygliffyMatch2.2.2

gliffygliffyMatch3.0.0

gliffygliffyMatch3.0.1

gliffygliffyMatch3.0.2

gliffygliffyMatch3.0.3

gliffygliffyMatch3.0.4

gliffygliffyMatch3.0.5

gliffygliffyMatch3.1.0

gliffygliffyMatch3.1.1

gliffygliffyMatch3.1.2

gliffygliffyMatch3.1.3

gliffygliffyMatch3.1.4

gliffygliffyMatch3.5

gliffygliffyMatch3.5.2

gliffygliffyMatch3.6

gliffygliffyMatch3.6.1

AND

atlassianconfluence_serverMatch4.1.9

VendorProductVersionCPE
gliffygliffy*cpe:2.3:a:gliffy:gliffy:*:*:*:*:*:*:*:*
atlassianjira*cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
gliffygliffy1.0.1cpe:2.3:a:gliffy:gliffy:1.0.1:*:*:*:*:*:*:*
gliffygliffy2.0.0cpe:2.3:a:gliffy:gliffy:2.0.0:*:*:*:*:*:*:*
gliffygliffy2.0.1cpe:2.3:a:gliffy:gliffy:2.0.1:*:*:*:*:*:*:*
gliffygliffy2.1.0cpe:2.3:a:gliffy:gliffy:2.1.0:*:*:*:*:*:*:*
gliffygliffy2.1.1cpe:2.3:a:gliffy:gliffy:2.1.1:*:*:*:*:*:*:*
gliffygliffy2.1.2cpe:2.3:a:gliffy:gliffy:2.1.2:*:*:*:*:*:*:*
gliffygliffy2.1.3cpe:2.3:a:gliffy:gliffy:2.1.3:*:*:*:*:*:*:*
gliffygliffy2.2.0cpe:2.3:a:gliffy:gliffy:2.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gliffy	gliffy	*	cpe:2.3:a:gliffy:gliffy::::::::
atlassian	jira	*	cpe:2.3:a:atlassian:jira::::::::
gliffy	gliffy	1.0.1	cpe:2.3:a:gliffy:gliffy:1.0.1:::::::*
gliffy	gliffy	2.0.0	cpe:2.3:a:gliffy:gliffy:2.0.0:::::::*
gliffy	gliffy	2.0.1	cpe:2.3:a:gliffy:gliffy:2.0.1:::::::*
gliffy	gliffy	2.1.0	cpe:2.3:a:gliffy:gliffy:2.1.0:::::::*
gliffy	gliffy	2.1.1	cpe:2.3:a:gliffy:gliffy:2.1.1:::::::*
gliffy	gliffy	2.1.2	cpe:2.3:a:gliffy:gliffy:2.1.2:::::::*
gliffy	gliffy	2.1.3	cpe:2.3:a:gliffy:gliffy:2.1.3:::::::*
gliffy	gliffy	2.2.0	cpe:2.3:a:gliffy:gliffy:2.2.0:::::::*

Rows per page:

1-10 of 281

References

confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17

confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17

osvdb.org/81993

secunia.com/advisories/49166

www.securityfocus.com/bid/53595

exchange.xforce.ibmcloud.com/vulnerabilities/75697

Social References

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

AI Score

7.1

Confidence

Low

EPSS

0.017

Percentile

87.7%

JSON

Related for CVE-2012-2928