Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2017-16861

UNKNOWN
Published 2018-02-01T04:00:00Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2017-16861. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or Crucible visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Fisheye or Crucible. All versions of Fisheye and Crucible before 4.4.5 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.2 (the fixed version for 4.5.x) are affected by this vulnerability.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Atlassian

Fisheye and Crucible

Affected Versions:

prior to 4.4.5 4.5.0 prior to 4.5.2

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed CRITICAL

GHSA-cv2h-wxc2-2v4j

Advisory Details

It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or Crucible visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Fisheye or Crucible. All versions of Fisheye and Crucible before 4.4.5 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.2 (the fixed version for 4.5.x) are affected by this vulnerability.

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-16861
WEB https://confluence.atlassian.com/x/h-QyO
WEB https://confluence.atlassian.com/x/iPQyO
WEB https://jira.atlassian.com/browse/CRUC-8156
WEB https://jira.atlassian.com/browse/FE-6991
WEB http://www.securityfocus.com/bid/102971

Advisory provided by GitHub Security Advisory Database. Published: May 13, 2022, Modified: May 13, 2022

References

https://jira.atlassian.com/browse/CRUC-8156
https://confluence.atlassian.com/x/h-QyO
http://www.securityfocus.com/bid/102971
https://confluence.atlassian.com/x/iPQyO
https://jira.atlassian.com/browse/FE-6991
Published: 2018-02-01T04:00:00Z
Last Modified: 2024-09-16T22:56:24.722Z
Copied to clipboard!