Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2008-6531
Last Modified: 27 Mar 2009 12:00:00
Published: 26 Mar 2009 05:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-6531

Summary

The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole."

Vulnerable Systems

Application

  • Atlassian Jira

  • Atlassian Jira 2.1

  • Atlassian Jira 2.2

  • Atlassian Jira 2.2.1

  • Atlassian Jira 2.3

  • Atlassian Jira 2.4.1

  • Atlassian Jira 2.5.1

  • Atlassian Jira 2.5.2

  • Atlassian Jira 2.5.3

  • Atlassian Jira 2.6

  • Atlassian Jira 2.6.1

  • Atlassian Jira 3.0

  • Atlassian Jira 3.0.1

  • Atlassian Jira 3.0.2

  • Atlassian Jira 3.0.3

  • Atlassian Jira 3.1

  • Atlassian Jira 3.1.1

  • Atlassian Jira 3.10

  • Atlassian Jira 3.10.1

  • Atlassian Jira 3.10.2

  • Atlassian Jira 3.11

  • Atlassian Jira 3.12

  • Atlassian Jira 3.12.1

  • Atlassian Jira 3.12.2

  • Atlassian Jira 3.12.3

  • Atlassian Jira 3.13

  • Atlassian Jira 3.13.1

  • Atlassian Jira 3.2

  • Atlassian Jira 3.2.1

  • Atlassian Jira 3.2.2

  • Atlassian Jira 3.2.3

  • Atlassian Jira 3.3

  • Atlassian Jira 3.3.1

  • Atlassian Jira 3.3.2

  • Atlassian Jira 3.3.3

  • Atlassian Jira 3.4.1

  • Atlassian Jira 3.4.2

  • Atlassian Jira 3.4.3

  • Atlassian Jira 3.5

  • Atlassian Jira 3.5.1

  • Atlassian Jira 3.5.2

  • Atlassian Jira 3.5.3

  • Atlassian Jira 3.6

  • Atlassian Jira 3.6.1

  • Atlassian Jira 3.6.2

  • Atlassian Jira 3.6.3

  • Atlassian Jira 3.6.4

  • Atlassian Jira 3.6.5

  • Atlassian Jira 3.7

  • Atlassian Jira 3.7.1

  • Atlassian Jira 3.7.2

  • Atlassian Jira 3.7.3

  • Atlassian Jira 3.7.4

  • Atlassian Jira 3.8

  • Atlassian Jira 3.8.1

  • Atlassian Jira 3.9

  • Atlassian Jira 3.9.1

  • Atlassian Jira 3.9.2

  • Atlassian Jira 3.9.3


References

CONFIRM - http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2008-12-09

XF - jira-webwork1-security-bypass(47211)

BID - 32746

OSVDB - 52707

SECUNIA - 33084


Last Updated: 27 May 2016 10:49:14