Confluence Server Remote Code Execution Vulnerability-vulnerability warning-the black bar safety net

2019-04-06T00:00:00
ID MYHACK58:62201993532
Type myhack58
Reporter 佚名
Modified 2019-04-06T00:00:00

Description

Atlassian company for Confluence Server and Data Center products used in the widgetconnecter Assembly(version Network Vine CRS/ARS products have full support for the vulnerability detection and verification, 网藤用户可直接登陆www.riskivy.com for verification. ! A, scope of impact Product Confluence Server Confluence Data Center Version All 1. xx, 2. xx, 3. xx, 4. xx and 5. xx version All 6. 0. x, 6.1. x, and 6.2. x, 6.3. x, 6.4. x and 6. 5. x version 6.6. 12 before all 6. 6. x version All 6. 7. x, 6.8. x, 6.9. x, 6.10. x and 6. 11. x version 6.12. 3 before all 6. 12. x version 6.13. 3 before all 6. 13. x version 6.14. 2 before all 6. 14. x version Assembly widgetconnector Second, the fix version Version 6. 6. 12 and later 6. 6. x. Version 6. 12. 3 and later 6. 12. x Version 6. 13. 3 and later 6. 13. x Version 6. 14. 2 and higher version Third, the vulnerability to hazards An attacker can construct a malicious HTTP request parameters for the target system implementation, path traversal, arbitrary file reading, and remote command execution attacks. This type of attack can cause the target system in sensitive information being leaked, as well as the execution of the attacker construct malicious code. Fourth, the vulnerability reproduction Use the _template parameter to override Velocity to render a template, use the file:Protocol can be any of the file read(no longer limited to the classpath) ! By this method can be local file inclusion,in order to achieve remote code execution. ! Here are a SSRF eggs,the official temporarily not repaired,for details contact the bucket Pixel technology security services team. ! Five, the solution 1, upgrade Confluence version 2, the 主动升级widgetconnector-3.1.3.jar to widgetconnector-3.1.4.jar Sixth, the reference https://confluence.atlassian.com/doc/confluence-security-advisory-2019-03-20-966660264.html The above is the high-risk vulnerability and early warning related information, if you have any questions or need more support, you can contact us. Contact phone: 400-156-9866 Email: help@tophant.com