Lucene search

[email protected]CVE-2012-2926

HistoryMay 22, 2012 - 3:55 p.m.

CVE-2012-2926

2012-05-2215:55:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

atlassian

jira

confluence

fisheye

crucible

bamboo

crowd

cve-2012-2926

xml parsers

security vulnerability

remote attack

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

9 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.459 Medium

EPSS

Percentile

97.4%

JSON

Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

CPENameOperatorVersion
atlassian:fisheyeatlassian fisheyelt2.6.8
atlassian:fisheyeatlassian fisheyelt2.5.8
atlassian:confluenceatlassian confluencelt3.5.16
atlassian:jiraatlassian jiralt5.0.1
atlassian:crucibleatlassian cruciblelt2.7.12
atlassian:crowdatlassian crowdlt2.1.2
atlassian:crowdatlassian crowdlt2.3.7
atlassian:crowdatlassian crowdlt2.0.9
atlassian:crowdatlassian crowdlt2.4.1
atlassian:crowdatlassian crowdlt2.2.9

CPE	Name	Operator	Version
atlassian:fisheye	atlassian fisheye	lt	2.6.8
atlassian:fisheye	atlassian fisheye	lt	2.5.8
atlassian:confluence	atlassian confluence	lt	3.5.16
atlassian:jira	atlassian jira	lt	5.0.1
atlassian:crucible	atlassian crucible	lt	2.7.12
atlassian:crowd	atlassian crowd	lt	2.1.2
atlassian:crowd	atlassian crowd	lt	2.3.7
atlassian:crowd	atlassian crowd	lt	2.0.9
atlassian:crowd	atlassian crowd	lt	2.4.1
atlassian:crowd	atlassian crowd	lt	2.2.9

Rows per page:

1-10 of 171

References

confluence.atlassian.com/display/BAMBOO/Bamboo+Security+Advisory+2012-05-17

confluence.atlassian.com/display/CROWD/Crowd+Security+Advisory+2012-05-17

confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17

confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-05-17

confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17

osvdb.org/81993

secunia.com/advisories/49146

www.securityfocus.com/bid/53595

exchange.xforce.ibmcloud.com/vulnerabilities/75682

exchange.xforce.ibmcloud.com/vulnerabilities/75697

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

9 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.459 Medium

EPSS

Percentile

97.4%

JSON

Related for CVE-2012-2926

prion1 openvas2 cvelist1 atlassian2 nessus1