The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.
References
Link | Resource |
---|---|
http://codewhitesec.blogspot.com/2017/04/amf.html | Technical Description |
http://www.securityfocus.com/bid/97379 | Third Party Advisory, VDB Entry |
https://confluence.atlassian.com/jira063/jira-security-advisory-2017-03-09-875604401.html | Vendor Advisory |
https://jira.atlassian.com/browse/JRASERVER-64077 | Vendor Advisory |
https://www.kb.cert.org/vuls/id/307983 | Third Party Advisory, US Government Resource, VDB Entry |
Configurations
Configuration 1
History
21 Nov 2024, 03:28
Type | Values Removed | Values Added |
---|---|---|
References | () http://codewhitesec.blogspot.com/2017/04/amf.html - Technical Description | |
References | () http://www.securityfocus.com/bid/97379 - Third Party Advisory, VDB Entry | |
References | () https://confluence.atlassian.com/jira063/jira-security-advisory-2017-03-09-875604401.html - Vendor Advisory | |
References | () https://jira.atlassian.com/browse/JRASERVER-64077 - Vendor Advisory | |
References | () https://www.kb.cert.org/vuls/id/307983 - Third Party Advisory, US Government Resource, VDB Entry | |
Information
Published : 2017-04-10 15:59
Updated : 2024-11-21 03:28
NVD link : CVE-2017-5983
Mitre link : CVE-2017-5983
CVE.ORG link : CVE-2017-5983
Products Affected
atlassian
- jira
CWE
CWE-502
Deserialization of Untrusted Data