漏洞类别:CGI
漏洞等级: 
漏洞信息
JIRA is a proprietary issue tracking product, developed by Atlassian. It provides bug tracking, issue tracking, and project management functions.
The vulnerability exists because of incorrect implementation of a XML parser and deserializer was used in JIRA. Due to this improper implementation, the JIRA Workflow Designer Plugin improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.
Affected Versions:
Atlassian JIRA Server versions 4.2.4 prior to 6.3.0
漏洞危害
Successful exploitation allows remote, unauthenticated attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions.
解决方案
Customers are advised to upgrade JIRA Server 6.3.0 or later versions to remediate this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论