Atlassian JIRA 500page.jsp XSS

Medium severity, Nessus Plugin ID 29834

Synopsis

The remote web server hosts a web application that is affected by a cross-site scripting (XSS) vulnerability.

Description

The Atlassian JIRA installation hosted on the remote web server is affected by a cross-site scripting (XSS) vulnerability because user-supplied error messages are not properly sanitized before they are passed to the 500page.jsp script. A remote attacker, using a crafted URL, can exploit this to execute arbitrary code in a user's browser.

Note that the application is also reportedly affected by multiple security bypass vulnerabilities; however, Nessus has not tested for these. Refer to the advisory for more information.

Solution

Upgrade to Atlassian JIRA 3.12.1 or later. Alternatively, apply the appropriate patch referenced in the vendor advisory.

See Also

https://jira.atlassian.com/browse/JRA-13999

https://jira.atlassian.com/browse/JRA-14086

https://jira.atlassian.com/browse/JRA-14105

http://www.nessus.org/u?ea522a47

Plugin Details

Severity: Medium

ID: 29834

File Name: jira_3_12_1.nasl

Version: 1.24

Type: remote

Published: 1/3/2008

Updated: 6/5/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:atlassian:jira

Required KB Items: installed_sw/Atlassian JIRA

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 12/24/2007

Vulnerability Publication Date: 12/24/2007

Reference Information

CVE: CVE-2007-6617, CVE-2007-6618, CVE-2007-6619

BID: 27094, 27095

CWE: 264, 79