Lucene search

[email protected]CVE-2010-1165

HistoryApr 20, 2010 - 3:30 p.m.

CVE-2010-1165

2010-04-2015:30:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2010-1165

atlassian jira

remote code execution

security vulnerability

nvd

arbitrary code execution

exploit

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.5 High

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

90.0%

JSON

Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.

Affected configurations

NVD

Node

atlassianjiraMatch3.12

atlassianjiraMatch3.12.1

atlassianjiraMatch3.12.2

atlassianjiraMatch3.12.3

atlassianjiraMatch3.13

atlassianjiraMatch3.13.1

atlassianjiraMatch3.13.2

atlassianjiraMatch3.13.3

atlassianjiraMatch3.13.4

atlassianjiraMatch3.13.5

atlassianjiraMatch4.0

atlassianjiraMatch4.0.1

atlassianjiraMatch4.0.2

atlassianjiraMatch4.1

CPENameOperatorVersion
atlassian:jiraatlassian jiraeq3.12
atlassian:jiraatlassian jiraeq3.12.1
atlassian:jiraatlassian jiraeq3.12.2
atlassian:jiraatlassian jiraeq3.12.3
atlassian:jiraatlassian jiraeq3.13
atlassian:jiraatlassian jiraeq3.13.1
atlassian:jiraatlassian jiraeq3.13.2
atlassian:jiraatlassian jiraeq3.13.3
atlassian:jiraatlassian jiraeq3.13.4
atlassian:jiraatlassian jiraeq3.13.5

CPE	Name	Operator	Version
atlassian:jira	atlassian jira	eq	3.12
atlassian:jira	atlassian jira	eq	3.12.1
atlassian:jira	atlassian jira	eq	3.12.2
atlassian:jira	atlassian jira	eq	3.12.3
atlassian:jira	atlassian jira	eq	3.13
atlassian:jira	atlassian jira	eq	3.13.1
atlassian:jira	atlassian jira	eq	3.13.2
atlassian:jira	atlassian jira	eq	3.13.3
atlassian:jira	atlassian jira	eq	3.13.4
atlassian:jira	atlassian jira	eq	3.13.5

Rows per page:

1-10 of 141

References

confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16

jira.atlassian.com/browse/JRA-20995

jira.atlassian.com/browse/JRA-21004

secunia.com/advisories/39353

www.openwall.com/lists/oss-security/2010/04/16/3

www.openwall.com/lists/oss-security/2010/04/16/4

www.securityfocus.com/bid/39485

exchange.xforce.ibmcloud.com/vulnerabilities/57828

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.5 High

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

90.0%

JSON

Related for CVE-2010-1165

nvd1 prion1 cvelist1 openvas1 nessus1