Detections
Analytics

Atlassian FishEye 2.5.8 / 2.6.8 / 2.7.12 XML Parsing Vulnerability

high Nessus Plugin ID 59328

Language:

Synopsis

The version of Atlassian FishEye installed on the remote host may be affected by an XML parsing vulnerability.

Description

According to its self-reported version, the version of Atlassian FishEye running on the remote host is potentially affected by an XML parsing vulnerability. This vulnerability may allow an unauthenticated, remote attacker to perform a denial of service attack against FishEye. This vulnerability may also allow an unauthenticated, remote attacker to read any local files that the user can access.

Solution

Upgrade to FishEye 2.5.8 / 2.6.8 / 2.7.12 or later.

See Also

http://www.nessus.org/u?6b7f1aed

https://jira.atlassian.com/browse/FE-4016

Plugin Details

Severity: High

ID: 59328

File Name: fisheye_2_7_12.nasl

Version: 1.11

Type: remote

Family: CGI abuses

Published: 6/1/2012

Updated: 6/5/2024

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Vulnerability Information

CPE: cpe:/a:atlassian:fisheye

Required KB Items: Settings/ParanoidReport, www/fisheye

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/17/2012

Vulnerability Publication Date: 3/26/2012

Reference Information

BID: 53603