The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole."
References
Link | Resource |
---|---|
http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2008-12-09 | Patch Vendor Advisory |
http://secunia.com/advisories/33084 | Vendor Advisory |
http://www.osvdb.org/52707 | Broken Link |
http://www.securityfocus.com/bid/32746 | Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/47211 | VDB Entry |
Configurations
History
06 Jul 2023, 16:39
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:atlassian:jira:3.4.1:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.7.3:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.5.3:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.0.3:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.7.1:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.6.5:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.7.3:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.6:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.10:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.9.1:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.2.1:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.3.1:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.6.4:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.12.2:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.6.1:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.6.3:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.6.2:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.12:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.6:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.1.1:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.7:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.7.1:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.12.1:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.8:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.2:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.3.2:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.6.4:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.10:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.9.2:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.5.3:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.12.3:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.2.2:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.12.3:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.0.2:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.8:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.2.3:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.2.2:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.9:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.6.4:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.5:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.6:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.1:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.1:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.5.1:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.0:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.5.2:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.12.1:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.2.2:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.4.1:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.7.2:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.13.1:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.13.1:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.10.2:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.3.1:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.6.1:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.9.1:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.7.1:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.4.2:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.9:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.6.1:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.12.3:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.5.1:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.10:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.2.1:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.9:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.2:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.4.3:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.12:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.2:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.2.1:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.6:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.0.2:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.4.1:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.9.2:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.7.4:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.6.5:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.5.2:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.7.2:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.8:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.9.3:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.12.3:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.3:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.4.2:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.8.1:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.5.1:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.12.2:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.3:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.7:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.4.1:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.8.1:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.5:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.3.2:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.5.2:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.11:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.9.1:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.1:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.12.1:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.5.3:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.7.4:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.6.1:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.3.3:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.2.2:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.1.1:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.7:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.3:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.0.3:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.4.3:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.9.3:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.1:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.2.3:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.5.3:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.5.3:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.1.1:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.5.2:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.6:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.3:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.2.1:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.5.2:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.3.3:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.4.1:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.7.2:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.12.2:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.10.1:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.4.1:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.1.1:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.13:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.6.1:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.4.1:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.6.2:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.0.2:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.4.3:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.6.5:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.4.1:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.12:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.3.2:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.5.1:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.9.3:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.10:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.0.3:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.12.1:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.4.3:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.3:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.0.1:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.0:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.5.3:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.6.3:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.10.2:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.2:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.2.1:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.10.1:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.11:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.5.2:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.3:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.7.2:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.13:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.2:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.5.3:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.5:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.8.1:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.11:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.6:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.7.1:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.3.3:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.2:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.5.1:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.3.2:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.9.2:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.5.1:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.1:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.6:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.6.5:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.10.1:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.4.2:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.5.2:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.0.3:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.9:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.3:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.5.1:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.3.1:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.5.3:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.0:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.1:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.1:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.10.1:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.10.2:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.6.4:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.7.4:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.6.1:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.2.3:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.2.1:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.3.1:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.9.2:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.9.1:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.7:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.1:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.13:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.6.1:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.0.2:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.8:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.13:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.4.2:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.3.3:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.7.4:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.7.3:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.2.3:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.12.2:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.6.2:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.13.1:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:*:3.6.3:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.6:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.0.1:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.5.2:*:professional:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.12:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.7.3:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.6.1:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.6.3:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.3:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.5.1:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.0.1:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.0.1:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.8.1:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.0:*:enterprise:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.10.2:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.5:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.2:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.2.1:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:2.2:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.11:*:standard:*:*:*:*:* cpe:2.3:a:atlassian:jira:3.6.2:*:standard:*:*:*:*:* |
|
References | (OSVDB) http://www.osvdb.org/52707 - Broken Link | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/47211 - VDB Entry | |
References | (BID) http://www.securityfocus.com/bid/32746 - Third Party Advisory, VDB Entry |
Information
Published : 2009-03-26 21:00
Updated : 2024-02-28 11:21
NVD link : CVE-2008-6531
Mitre link : CVE-2008-6531
CVE.ORG link : CVE-2008-6531
JSON object : View
Products Affected
atlassian
- jira
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')