WEB APPLICATION VULNERABILITIES Standard & Premium

Atlassian Confluence Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-3395)

Description

The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery.

Remediation

References

Related Vulnerabilities

PHP Other Vulnerability (CVE-2014-4670)

WordPress 3.8.x PHP Object Injection (3.8 - 3.8.35)

WordPress Plugin Traffic Manager Multiple Vulnerabilities (1.4.5)

Atlassian Confluence Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-3398)

WordPress Plugin Prismatic Multiple Cross-Site Scripting Vulnerabilities (2.7)

Severity

Critical

Classification

CVE-2019-3395 CWE-918 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities