Lucene search

[email protected]NVD:CVE-2012-2928

HistoryMay 22, 2012 - 3:55 p.m.

CVE-2012-2928

2012-05-2215:55:02

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

AI Score

9.1

Confidence

High

EPSS

0.017

Percentile

87.7%

JSON

The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

Affected configurations

Nvd

Node

gliffygliffyRange≤3.7

AND

atlassianjiraRange≤5.0.0

Node

gliffygliffyRange≤3.7

gliffygliffyMatch1.0.1

gliffygliffyMatch2.0.0

gliffygliffyMatch2.0.1

gliffygliffyMatch2.1.0

gliffygliffyMatch2.1.1

gliffygliffyMatch2.1.2

gliffygliffyMatch2.1.3

gliffygliffyMatch2.2.0

gliffygliffyMatch2.2.1

gliffygliffyMatch2.2.2

gliffygliffyMatch3.0.0

gliffygliffyMatch3.0.1

gliffygliffyMatch3.0.2

gliffygliffyMatch3.0.3

gliffygliffyMatch3.0.4

gliffygliffyMatch3.0.5

gliffygliffyMatch3.1.0

gliffygliffyMatch3.1.1

gliffygliffyMatch3.1.2

gliffygliffyMatch3.1.3

gliffygliffyMatch3.1.4

gliffygliffyMatch3.5

gliffygliffyMatch3.5.2

gliffygliffyMatch3.6

gliffygliffyMatch3.6.1

AND

atlassianconfluence_serverMatch4.1.9

VendorProductVersionCPE
gliffygliffy*cpe:2.3:a:gliffy:gliffy:*:*:*:*:*:*:*:*
atlassianjira*cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
gliffygliffy1.0.1cpe:2.3:a:gliffy:gliffy:1.0.1:*:*:*:*:*:*:*
gliffygliffy2.0.0cpe:2.3:a:gliffy:gliffy:2.0.0:*:*:*:*:*:*:*
gliffygliffy2.0.1cpe:2.3:a:gliffy:gliffy:2.0.1:*:*:*:*:*:*:*
gliffygliffy2.1.0cpe:2.3:a:gliffy:gliffy:2.1.0:*:*:*:*:*:*:*
gliffygliffy2.1.1cpe:2.3:a:gliffy:gliffy:2.1.1:*:*:*:*:*:*:*
gliffygliffy2.1.2cpe:2.3:a:gliffy:gliffy:2.1.2:*:*:*:*:*:*:*
gliffygliffy2.1.3cpe:2.3:a:gliffy:gliffy:2.1.3:*:*:*:*:*:*:*
gliffygliffy2.2.0cpe:2.3:a:gliffy:gliffy:2.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gliffy	gliffy	*	cpe:2.3:a:gliffy:gliffy::::::::
atlassian	jira	*	cpe:2.3:a:atlassian:jira::::::::
gliffy	gliffy	1.0.1	cpe:2.3:a:gliffy:gliffy:1.0.1:::::::*
gliffy	gliffy	2.0.0	cpe:2.3:a:gliffy:gliffy:2.0.0:::::::*
gliffy	gliffy	2.0.1	cpe:2.3:a:gliffy:gliffy:2.0.1:::::::*
gliffy	gliffy	2.1.0	cpe:2.3:a:gliffy:gliffy:2.1.0:::::::*
gliffy	gliffy	2.1.1	cpe:2.3:a:gliffy:gliffy:2.1.1:::::::*
gliffy	gliffy	2.1.2	cpe:2.3:a:gliffy:gliffy:2.1.2:::::::*
gliffy	gliffy	2.1.3	cpe:2.3:a:gliffy:gliffy:2.1.3:::::::*
gliffy	gliffy	2.2.0	cpe:2.3:a:gliffy:gliffy:2.2.0:::::::*

Rows per page:

1-10 of 281

References

confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17

confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17

osvdb.org/81993

secunia.com/advisories/49166

www.securityfocus.com/bid/53595

exchange.xforce.ibmcloud.com/vulnerabilities/75697

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

AI Score

9.1

Confidence

High

EPSS

0.017

Percentile

87.7%

JSON

Related for NVD:CVE-2012-2928

cvelist1 prion1 cve1 nessus1