Description

Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.

Remediation

References

CVE-2017-18101

Related Vulnerabilities

Apache HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2019-17567)

Jboss EAP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1336)

Play Framework Out-of-bounds Write Vulnerability (CVE-2020-27196)

Oracle Application Server CVE-2008-3975 Vulnerability (CVE-2008-3975)

WordPress Plugin WooCommerce PayU India (PayUmoney-PayUbiz) Parameter Tampering (2.1.1)

Severity

Medium

Classification

CVE-2017-18101 CWE-862

Tags

Missing Update Known Vulnerabilities