Detections
Analytics
Atlassian Crowd XML External Entity Request Handling Arbitrary File Disclosure
medium Nessus Plugin ID 67176
Language:
Synopsis
The version of Atlassian Crowd installed on the remote host is affected by an information disclosure vulnerability.Description
The version of Atlassian Crowd installed on the remote host is affected by an XML External Entity (XXE) vulnerability. This vulnerability could allow a remote, unauthenticated attacker to retrieve arbitrary files from the remote host by sending a specially crafted HTTP request with a Document Type Definition (DTD) header containing an XML external entity along with an entity reference.Note that the application is also affected by a flaw in which a remote, unauthenticated attacker can use the Crowd server to act as an HTTP Request Relay. Additionally, the application is affected by a flaw in which a denial of service attack can be launched against the Crowd server.
Solution
Upgrade to version 2.5.4 / 2.6.3 or later or apply the patch in the referenced URL.See Also
http://www.commandfive.com/papers/C5_TA_2013_3925_AtlassianCrowd.pdf
https://confluence.atlassian.com/display/CROWD/Crowd+2.6.3+Release+Notes
Plugin Details
Severity: Medium
ID: 67176
File Name: crowd_remote_file_disclosure.nasl
Version: 1.10
Type: remote
Family: CGI abuses
Published: 7/3/2013
Updated: 6/4/2024
Configuration: Enable thorough checks
Supported Sensors: Nessus
Enable CGI Scanning: true
Risk Information
VPR
Risk Factor: Medium
Score: 4.8
CVSS v2
Risk Factor: Medium
Base Score: 5.8
Temporal Score: 4.8
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS Score Source: CVE-2013-3925
Vulnerability Information
CPE: cpe:/a:atlassian:crowd
Required KB Items: www/crowd
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: Exploits are available
Exploited by Nessus: true
Patch Publication Date: 6/18/2013
Vulnerability Publication Date: 6/28/2013
Reference Information
CVE: CVE-2013-3925
BID: 60899