Описание
Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.
Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2010-1165
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57828
- http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16
- http://jira.atlassian.com/browse/JRA-20995
- http://jira.atlassian.com/browse/JRA-21004
- http://secunia.com/advisories/39353
- http://www.openwall.com/lists/oss-security/2010/04/16/3
- http://www.openwall.com/lists/oss-security/2010/04/16/4
- http://www.securityfocus.com/bid/39485
Связанные уязвимости
Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.