Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.4
CVE Id: CVE-2012-2926
Last Modified: 13 Aug 2012 11:38:07
Published: 22 May 2012 11:55:02
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-2926

Summary

Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

Vulnerable Systems

Application

  • Atlassian Bamboo 1.0

  • Atlassian Bamboo 1.0.1

  • Atlassian Bamboo 1.0.2

  • Atlassian Bamboo 1.0.3

  • Atlassian Bamboo 1.0.4

  • Atlassian Bamboo 1.0.5

  • Atlassian Bamboo 1.1

  • Atlassian Bamboo 1.1.1

  • Atlassian Bamboo 1.1.2

  • Atlassian Bamboo 1.2

  • Atlassian Bamboo 1.2.1

  • Atlassian Bamboo 1.2.2

  • Atlassian Bamboo 1.2.3

  • Atlassian Bamboo 1.2.4

  • Atlassian Bamboo 2.0

  • Atlassian Bamboo 2.0.1

  • Atlassian Bamboo 2.0.2

  • Atlassian Bamboo 2.0.3

  • Atlassian Bamboo 2.0.4

  • Atlassian Bamboo 2.0.5

  • Atlassian Bamboo 2.0.6

  • Atlassian Bamboo 2.1

  • Atlassian Bamboo 2.1.1

  • Atlassian Bamboo 2.1.2

  • Atlassian Bamboo 2.1.3

  • Atlassian Bamboo 2.1.4

  • Atlassian Bamboo 2.1.5

  • Atlassian Bamboo 2.2

  • Atlassian Bamboo 2.2.1

  • Atlassian Bamboo 2.2.2

  • Atlassian Bamboo 2.2.3

  • Atlassian Bamboo 2.2.4

  • Atlassian Bamboo 2.3

  • Atlassian Bamboo 2.3.1

  • Atlassian Bamboo 2.4

  • Atlassian Bamboo 2.4.1

  • Atlassian Bamboo 2.4.2

  • Atlassian Bamboo 2.4.3

  • Atlassian Bamboo 2.5

  • Atlassian Bamboo 2.5.1

  • Atlassian Bamboo 2.5.2

  • Atlassian Bamboo 2.5.3

  • Atlassian Bamboo 2.5.5

  • Atlassian Bamboo 2.6

  • Atlassian Bamboo 2.6.1

  • Atlassian Bamboo 2.6.2

  • Atlassian Bamboo 2.6.3

  • Atlassian Bamboo 2.7

  • Atlassian Bamboo 2.7.1

  • Atlassian Bamboo 2.7.2

  • Atlassian Bamboo 2.7.3

  • Atlassian Bamboo 2.7.4

  • Atlassian Bamboo 3.0

  • Atlassian Bamboo 3.0.1

  • Atlassian Bamboo 3.0.2

  • Atlassian Bamboo 3.0.3

  • Atlassian Bamboo 3.1

  • Atlassian Bamboo 3.1.1

  • Atlassian Bamboo 3.1.3

  • Atlassian Bamboo 3.1.4

  • Atlassian Bamboo 3.2

  • Atlassian Bamboo 3.2.2

  • Atlassian Bamboo 3.3.1

  • Atlassian Bamboo 3.3.2

  • Atlassian Bamboo 3.3.3

  • Atlassian Bamboo 3.4

  • Atlassian Bamboo 3.4.1

  • Atlassian Bamboo 3.4.2

  • Atlassian Bamboo 3.4.3

  • Atlassian Bamboo 3.4.4

  • Atlassian Confluence 1.0

  • Atlassian Confluence 1.0.1

  • Atlassian Confluence 1.0.3

  • Atlassian Confluence 1.1

  • Atlassian Confluence 1.1.1

  • Atlassian Confluence 1.1.2

  • Atlassian Confluence 1.2

  • Atlassian Confluence 1.2.1

  • Atlassian Confluence 1.2.2

  • Atlassian Confluence 1.2.3

  • Atlassian Confluence 1.3

  • Atlassian Confluence 1.3.1

  • Atlassian Confluence 1.3.2

  • Atlassian Confluence 1.3.4

  • Atlassian Confluence 1.3.5

  • Atlassian Confluence 1.3.6

  • Atlassian Confluence 1.4

  • Atlassian Confluence 1.4.1

  • Atlassian Confluence 1.4.2

  • Atlassian Confluence 1.4.3

  • Atlassian Confluence 1.4.4

  • Atlassian Confluence 2.10

  • Atlassian Confluence 2.10.1

  • Atlassian Confluence 2.10.2

  • Atlassian Confluence 2.10.3

  • Atlassian Confluence 2.10.4

  • Atlassian Confluence 2.6

  • Atlassian Confluence 2.6.1

  • Atlassian Confluence 2.6.2

  • Atlassian Confluence 2.6.3

  • Atlassian Confluence 2.7

  • Atlassian Confluence 2.7.1

  • Atlassian Confluence 2.7.2

  • Atlassian Confluence 2.7.3

  • Atlassian Confluence 2.7.4

  • Atlassian Confluence 2.8

  • Atlassian Confluence 2.8.1

  • Atlassian Confluence 2.8.2

  • Atlassian Confluence 2.8.3

  • Atlassian Confluence 2.9

  • Atlassian Confluence 2.9.1

  • Atlassian Confluence 2.9.2

  • Atlassian Confluence 2.9.3

  • Atlassian Confluence 3.0

  • Atlassian Confluence 3.0.1

  • Atlassian Confluence 3.0.2

  • Atlassian Confluence 3.1

  • Atlassian Confluence 3.1.1

  • Atlassian Confluence 3.1.2

  • Atlassian Confluence 3.2

  • Atlassian Confluence 3.2.1

  • Atlassian Confluence 3.3

  • Atlassian Confluence 3.3.1

  • Atlassian Confluence 3.3.3

  • Atlassian Confluence 3.4

  • Atlassian Confluence 3.4.1

  • Atlassian Confluence 3.4.2

  • Atlassian Confluence 3.4.3

  • Atlassian Confluence 3.4.5

  • Atlassian Confluence 3.4.6

  • Atlassian Confluence 3.4.7

  • Atlassian Confluence 3.4.8

  • Atlassian Confluence 3.4.9

  • Atlassian Confluence 3.5

  • Atlassian Confluence 3.5.1

  • Atlassian Confluence 3.5.11

  • Atlassian Confluence 3.5.13

  • Atlassian Confluence 3.5.2

  • Atlassian Confluence 3.5.3

  • Atlassian Confluence 3.5.4

  • Atlassian Confluence 3.5.5

  • Atlassian Confluence 3.5.6

  • Atlassian Confluence 3.5.7

  • Atlassian Confluence 3.5.9

  • Atlassian Confluence 4.0

  • Atlassian Confluence 4.0.3

  • Atlassian Confluence 4.0.4

  • Atlassian Confluence 4.0.5

  • Atlassian Confluence 4.1

  • Atlassian Confluence 4.1.2

  • Atlassian Confluence 4.1.3

  • Atlassian Confluence 4.1.4

  • Atlassian Confluence 4.1.5

  • Atlassian Confluence 4.1.6

  • Atlassian Confluence 4.1.7

  • Atlassian Confluence 4.1.9

  • Atlassian Crowd 0.2

  • Atlassian Crowd 0.3

  • Atlassian Crowd 0.3.2

  • Atlassian Crowd 0.3.3

  • Atlassian Crowd 0.4

  • Atlassian Crowd 0.4.1

  • Atlassian Crowd 0.4.2

  • Atlassian Crowd 0.4.3

  • Atlassian Crowd 0.4.4

  • Atlassian Crowd 0.4.5

  • Atlassian Crowd 1.0.0

  • Atlassian Crowd 1.0.1

  • Atlassian Crowd 1.0.2

  • Atlassian Crowd 1.0.3

  • Atlassian Crowd 1.0.4

  • Atlassian Crowd 1.0.5

  • Atlassian Crowd 1.0.6

  • Atlassian Crowd 1.0.7

  • Atlassian Crowd 1.1.0

  • Atlassian Crowd 1.1.1

  • Atlassian Crowd 1.1.2

  • Atlassian Crowd 1.2

  • Atlassian Crowd 1.2.1

  • Atlassian Crowd 1.2.2

  • Atlassian Crowd 1.2.4

  • Atlassian Crowd 1.3

  • Atlassian Crowd 1.3.1

  • Atlassian Crowd 1.3.2

  • Atlassian Crowd 1.3.3

  • Atlassian Crowd 1.4

  • Atlassian Crowd 1.4.1

  • Atlassian Crowd 1.4.2

  • Atlassian Crowd 1.4.3

  • Atlassian Crowd 1.4.4

  • Atlassian Crowd 1.4.7

  • Atlassian Crowd 1.4.8

  • Atlassian Crowd 1.5

  • Atlassian Crowd 1.5.1

  • Atlassian Crowd 1.5.2

  • Atlassian Crowd 1.5.3

  • Atlassian Crowd 1.6

  • Atlassian Crowd 1.6.1

  • Atlassian Crowd 1.6.3

  • Atlassian Crowd 2.0

  • Atlassian Crowd 2.0.1

  • Atlassian Crowd 2.0.2

  • Atlassian Crowd 2.0.3

  • Atlassian Crowd 2.0.4

  • Atlassian Crowd 2.0.5

  • Atlassian Crowd 2.0.6

  • Atlassian Crowd 2.0.7

  • Atlassian Crowd 2.1

  • Atlassian Crowd 2.1.1

  • Atlassian Crowd 2.2.2

  • Atlassian Crowd 2.2.4

  • Atlassian Crowd 2.2.7

  • Atlassian Crowd 2.3.1

  • Atlassian Crowd 2.3.2

  • Atlassian Crowd 2.3.3

  • Atlassian Crowd 2.3.4

  • Atlassian Crowd 2.3.6

  • Atlassian Crowd 2.4

  • Atlassian Crucible 1.1

  • Atlassian Crucible 1.1.1

  • Atlassian Crucible 1.1.2

  • Atlassian Crucible 1.1.3

  • Atlassian Crucible 1.1.4

  • Atlassian Crucible 1.2

  • Atlassian Crucible 1.2.1

  • Atlassian Crucible 1.2.2

  • Atlassian Crucible 1.2.3

  • Atlassian Crucible 1.5.0

  • Atlassian Crucible 1.5.1

  • Atlassian Crucible 1.5.2

  • Atlassian Crucible 1.5.3

  • Atlassian Crucible 1.5.4

  • Atlassian Crucible 1.6.0

  • Atlassian Crucible 1.6.1

  • Atlassian Crucible 1.6.2

  • Atlassian Crucible 1.6.2.1

  • Atlassian Crucible 1.6.3

  • Atlassian Crucible 1.6.4

  • Atlassian Crucible 1.6.5.a

  • Atlassian Crucible 1.6.6

  • Atlassian Crucible 2.0

  • Atlassian Crucible 2.0.1

  • Atlassian Crucible 2.0.2

  • Atlassian Crucible 2.0.3

  • Atlassian Crucible 2.0.4

  • Atlassian Crucible 2.0.5

  • Atlassian Crucible 2.0.6

  • Atlassian Crucible 2.1.0

  • Atlassian Crucible 2.1.1

  • Atlassian Crucible 2.1.2

  • Atlassian Crucible 2.1.3

  • Atlassian Crucible 2.1.4

  • Atlassian Crucible 2.2.0

  • Atlassian Crucible 2.2.1

  • Atlassian Crucible 2.2.3

  • Atlassian Crucible 2.3.0

  • Atlassian Crucible 2.3.1

  • Atlassian Crucible 2.3.2

  • Atlassian Crucible 2.3.3

  • Atlassian Crucible 2.3.4

  • Atlassian Crucible 2.3.5

  • Atlassian Crucible 2.3.6

  • Atlassian Crucible 2.3.7

  • Atlassian Crucible 2.3.8

  • Atlassian Crucible 2.4.0

  • Atlassian Crucible 2.4.1

  • Atlassian Crucible 2.4.2

  • Atlassian Crucible 2.4.3

  • Atlassian Crucible 2.4.4

  • Atlassian Crucible 2.4.5

  • Atlassian Crucible 2.4.6

  • Atlassian Crucible 2.5.0

  • Atlassian Crucible 2.5.1

  • Atlassian Crucible 2.5.2

  • Atlassian Crucible 2.5.3

  • Atlassian Crucible 2.5.4

  • Atlassian Crucible 2.5.5

  • Atlassian Crucible 2.5.6

  • Atlassian Crucible 2.5.7

  • Atlassian Crucible 2.6.0

  • Atlassian Crucible 2.6.1

  • Atlassian Crucible 2.6.2

  • Atlassian Crucible 2.6.3

  • Atlassian Crucible 2.6.4

  • Atlassian Crucible 2.6.5

  • Atlassian Crucible 2.6.6

  • Atlassian Crucible 2.6.7

  • Atlassian Crucible 2.7.0

  • Atlassian Crucible 2.7.1

  • Atlassian Crucible 2.7.10

  • Atlassian Crucible 2.7.11

  • Atlassian Crucible 2.7.12

  • Atlassian Crucible 2.7.2

  • Atlassian Crucible 2.7.3

  • Atlassian Crucible 2.7.4

  • Atlassian Crucible 2.7.5

  • Atlassian Crucible 2.7.6

  • Atlassian Crucible 2.7.7

  • Atlassian Crucible 2.7.8

  • Atlassian Crucible 2.7.9

  • Atlassian Fisheye 1.3

  • Atlassian Fisheye 1.4

  • Atlassian Fisheye 1.4.1

  • Atlassian Fisheye 1.4.2

  • Atlassian Fisheye 1.4.3

  • Atlassian Fisheye 1.5.0

  • Atlassian Fisheye 1.5.1

  • Atlassian Fisheye 1.5.2

  • Atlassian Fisheye 1.5.3

  • Atlassian Fisheye 1.5.4

  • Atlassian Fisheye 1.6.0

  • Atlassian Fisheye 1.6.1

  • Atlassian Fisheye 1.6.2

  • Atlassian Fisheye 1.6.3

  • Atlassian Fisheye 1.6.4

  • Atlassian Fisheye 1.6.5.a

  • Atlassian Fisheye 1.6.6

  • Atlassian Fisheye 2.0

  • Atlassian Fisheye 2.0.1

  • Atlassian Fisheye 2.0.2

  • Atlassian Fisheye 2.0.3

  • Atlassian Fisheye 2.0.4

  • Atlassian Fisheye 2.0.5

  • Atlassian Fisheye 2.0.6

  • Atlassian Fisheye 2.1.0

  • Atlassian Fisheye 2.1.1

  • Atlassian Fisheye 2.1.2

  • Atlassian Fisheye 2.1.3

  • Atlassian Fisheye 2.1.4

  • Atlassian Fisheye 2.2.0

  • Atlassian Fisheye 2.2.1

  • Atlassian Fisheye 2.2.3

  • Atlassian Fisheye 2.3.0

  • Atlassian Fisheye 2.3.1

  • Atlassian Fisheye 2.3.2

  • Atlassian Fisheye 2.3.3

  • Atlassian Fisheye 2.3.4

  • Atlassian Fisheye 2.3.5

  • Atlassian Fisheye 2.3.6

  • Atlassian Fisheye 2.3.7

  • Atlassian Fisheye 2.3.8

  • Atlassian Fisheye 2.4.0

  • Atlassian Fisheye 2.4.1

  • Atlassian Fisheye 2.4.2

  • Atlassian Fisheye 2.4.3

  • Atlassian Fisheye 2.4.4

  • Atlassian Fisheye 2.4.5

  • Atlassian Fisheye 2.4.6

  • Atlassian Fisheye 2.5.0

  • Atlassian Fisheye 2.5.1

  • Atlassian Fisheye 2.5.2

  • Atlassian Fisheye 2.5.3

  • Atlassian Fisheye 2.5.4

  • Atlassian Fisheye 2.5.5

  • Atlassian Fisheye 2.5.6

  • Atlassian Fisheye 2.5.7

  • Atlassian Fisheye 2.6.0

  • Atlassian Fisheye 2.6.1

  • Atlassian Fisheye 2.6.2

  • Atlassian Fisheye 2.6.3

  • Atlassian Fisheye 2.6.4

  • Atlassian Fisheye 2.6.5

  • Atlassian Fisheye 2.6.6

  • Atlassian Fisheye 2.6.7

  • Atlassian Fisheye 2.7.0

  • Atlassian Fisheye 2.7.1

  • Atlassian Fisheye 2.7.10

  • Atlassian Fisheye 2.7.11

  • Atlassian Fisheye 2.7.12

  • Atlassian Fisheye 2.7.2

  • Atlassian Fisheye 2.7.3

  • Atlassian Fisheye 2.7.4

  • Atlassian Fisheye 2.7.5

  • Atlassian Fisheye 2.7.6

  • Atlassian Fisheye 2.7.7

  • Atlassian Fisheye 2.7.8

  • Atlassian Fisheye 2.7.9

  • Atlassian Jira 2.1

  • Atlassian Jira 2.2

  • Atlassian Jira 2.2.1

  • Atlassian Jira 2.3

  • Atlassian Jira 2.4.1

  • Atlassian Jira 2.5.1

  • Atlassian Jira 2.5.2

  • Atlassian Jira 2.5.3

  • Atlassian Jira 2.6

  • Atlassian Jira 2.6.1

  • Atlassian Jira 3.0

  • Atlassian Jira 3.0.1

  • Atlassian Jira 3.0.2

  • Atlassian Jira 3.0.3

  • Atlassian Jira 3.1

  • Atlassian Jira 3.1.1

  • Atlassian Jira 3.10

  • Atlassian Jira 3.10.1

  • Atlassian Jira 3.10.2

  • Atlassian Jira 3.11

  • Atlassian Jira 3.12

  • Atlassian Jira 3.12.1

  • Atlassian Jira 3.12.2

  • Atlassian Jira 3.12.3

  • Atlassian Jira 3.13

  • Atlassian Jira 3.13.1

  • Atlassian Jira 3.13.2

  • Atlassian Jira 3.13.3

  • Atlassian Jira 3.13.4

  • Atlassian Jira 3.13.5

  • Atlassian Jira 3.2

  • Atlassian Jira 3.2.1

  • Atlassian Jira 3.2.2

  • Atlassian Jira 3.2.3

  • Atlassian Jira 3.3

  • Atlassian Jira 3.3.1

  • Atlassian Jira 3.3.2

  • Atlassian Jira 3.3.3

  • Atlassian Jira 3.4.1

  • Atlassian Jira 3.4.2

  • Atlassian Jira 3.4.3

  • Atlassian Jira 3.5

  • Atlassian Jira 3.5.1

  • Atlassian Jira 3.5.2

  • Atlassian Jira 3.5.3

  • Atlassian Jira 3.6

  • Atlassian Jira 3.6.1

  • Atlassian Jira 3.6.2

  • Atlassian Jira 3.6.2 156

  • Atlassian Jira 3.6.3

  • Atlassian Jira 3.6.4

  • Atlassian Jira 3.6.5

  • Atlassian Jira 3.7

  • Atlassian Jira 3.7.1

  • Atlassian Jira 3.7.2

  • Atlassian Jira 3.7.3

  • Atlassian Jira 3.7.4

  • Atlassian Jira 3.8

  • Atlassian Jira 3.8.1

  • Atlassian Jira 3.9

  • Atlassian Jira 3.9.1

  • Atlassian Jira 3.9.2

  • Atlassian Jira 3.9.3

  • Atlassian Jira 4.0

  • Atlassian Jira 4.0.1

  • Atlassian Jira 4.0.2

  • Atlassian Jira 4.1

  • Atlassian Jira 4.2

  • Atlassian Jira 4.3

  • Atlassian Jira 4.4

  • Atlassian Jira 5.0


References

XF - jira-xml-dos(75697)

BID - 53595

SECUNIA - 49146

CONFIRM - http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17

CONFIRM - http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-05-17

CONFIRM - http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17

CONFIRM - http://confluence.atlassian.com/display/CROWD/Crowd+Security+Advisory+2012-05-17

CONFIRM - http://confluence.atlassian.com/display/BAMBOO/Bamboo+Security+Advisory+2012-05-17

XF - fisheye-crucible-xml-dos(75682)

OSVDB - 81993


Last Updated: 27 May 2016 10:57:32