Summary
This host is running Atlassian Crowd and is prone to xml external entity injection vulnerability.
Impact
Successful exploitation allow remote attackers to gain access to arbitrary files by sending specially crafted XML data.
Solution
Upgrade to version 2.5.4, 2.6.3, 2.7 or higher,
For updates refer to http://www.atlassian.com/software/crowd/download
Insight
Flaw is due to an incorrectly configured XML parser accepting XML external entities from an untrusted source.
Affected
Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9
Detection
Send a crafted data via HTTP POST request and check whether it is able to read the system file or not.
References
Severity
Classification
-
CVE CVE-2013-3925 -
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N
Related Vulnerabilities