Atlassian Confluence < 5.1.5 OGNL Expression Handling Double Evaluation Error Remote Code Execution

high Nessus Plugin ID 69804

Synopsis

The remote web application is affected by a remote code execution vulnerability.

Description

According to its self-reported version number, the instance of Atlassian Confluence on the remote host is a version prior to 5.1.5.
It is, therefore, affected by a remote code execution vulnerability due to a flaw in the handling of OGNL expressions. This could allow an attacker to execute arbitrary Java code on the remote host.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Confluence version 5.1.5 or later, or apply the appropriate vendor patch.

See Also

http://www.nessus.org/u?92ee0bb7

https://jira.atlassian.com/browse/CONF-30221

Plugin Details

Severity: High

ID: 69804

File Name: confluence_5_1_5.nasl

Version: 1.9

Type: remote

Family: CGI abuses

Published: 9/6/2013

Updated: 6/5/2024

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Vulnerability Information

CPE: cpe:/a:atlassian:confluence

Required KB Items: Settings/ParanoidReport, www/confluence

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Patch Publication Date: 8/5/2013

Vulnerability Publication Date: 8/3/2013

Reference Information

BID: 61626