Remote DoS Exploit on Confluence

2014-06-27T01:02:40
ID ATLASSIAN:CONFSERVER-34097
Type atlassian
Reporter jsanchez@atlassian.com
Modified 2017-02-17T04:30:27

Description

Nir Goldshlager has discovered a vulnerability in atlassian-gadgets when parsing XML.

Basically anyone can craft a URL containing a parameter with some XML that will make the instance run out of memory when trying to parse it.

Details on the attack can be found at https://jira.atlassian.com/browse/JRA-38884

The vulnerability was detected on our fork of apache shindig, which atlassian-gadgets depends on. We have made a fix and published a new version for it (1.0-incubating-atlassian-20) that solves the problem.

Any product that uses atlassian-gadgets to render gadgets is vulnerable to this, and Confluence is one of those.

You would need to check your current version of atlassian-gadgets and see which version of apache shindig it is using. Anything lower than 1.0-incubating-atlassian-20 would make Confluence vulnerable to this attack.
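One way to script the version check described above, as an added example that is not part of this advisory or of Atlassian's code: it scans `mvn dependency:tree` output for the shindig fork and flags any artifact below 1.0-incubating-atlassian-20. The Maven coordinates in the constructed sample tree are assumptions, not the fork's real group and artifact ids.

```python
import re

# Minimum fixed build of the Atlassian shindig fork, per the advisory.
FIXED_BUILD = 20

# Version scheme of the fork, e.g. "1.0-incubating-atlassian-19";
# the trailing integer is the fork's build number.
VERSION_RE = re.compile(r"^1\.0-incubating-atlassian-(\d+)$")

# One `mvn dependency:tree` line: groupId:artifactId:packaging:version[:scope]
# (lines with a classifier component are not handled by this simple pattern).
DEP_RE = re.compile(
    r"([A-Za-z0-9_.\-]+):([A-Za-z0-9_.\-]+):[a-z\-]+:([^:\s]+)(?::[a-z]+)?\s*$"
)

# Constructed sample output; coordinates are assumed for illustration only.
SAMPLE_TREE = """\
[INFO] com.example:confluence-plugin:jar:1.0.0
[INFO] +- com.atlassian.gadgets:atlassian-gadgets-api:jar:3.2.9:provided
[INFO] |  \\- org.apache.shindig:shindig-common:jar:1.0-incubating-atlassian-19:compile
[INFO] +- org.apache.shindig:shindig-gadgets:jar:1.0-incubating-atlassian-20:compile
[INFO] \\- junit:junit:jar:4.12:test
"""


def parse_build(version):
    """Return the fork build number as an int, or None for a version that does
    not follow the 1.0-incubating-atlassian-N scheme. Comparing the integer
    matters: a string compare would rank "...-9" above "...-20"."""
    m = VERSION_RE.match(version)
    return int(m.group(1)) if m else None


def find_shindig_deps(tree_output):
    """Return (groupId:artifactId, version) for every shindig artifact found."""
    found = []
    for line in tree_output.splitlines():
        m = DEP_RE.search(line)
        if not m:
            continue
        group, artifact, version = m.groups()
        if "shindig" in group.lower() or "shindig" in artifact.lower():
            found.append((f"{group}:{artifact}", version))
    return found


def vulnerable_shindig(tree_output):
    """Return shindig artifacts that are below the fixed build or use an
    unrecognised version scheme (treated as not known to be fixed)."""
    return [(coord, ver) for coord, ver in find_shindig_deps(tree_output)
            if (parse_build(ver) is None or parse_build(ver) < FIXED_BUILD)]
```

Feed it the real output of `mvn dependency:tree` for your gadgets build; an empty result from `vulnerable_shindig` means every shindig artifact found is at the fixed build or later.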

The fix is quite easy: bump the version of shindig in the version of gadgets that you are using. Then release a new version of gadgets and bump the version in Confluence to pick up the fix.

If you need any details, ping me @jsanchez.