CVE-2012-2928 — MEDIUM (6.4)

Q: How severe is CVE-2012-2928?

CVE-2012-2928 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2012-2928?

Check the references section above for vendor advisories and patch information. Affected products include: Gliffy Gliffy, Atlassian Jira, Atlassian Confluence Server.

Vulnerability Description

The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

CVSS Score

6.4

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:P

Confidentiality

PARTIAL

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Gliffy	Gliffy	<= 3.7
Atlassian	Jira	<= 5.0.0
Atlassian	Confluence Server	4.1.9

Related Weaknesses (CWE)

CWE-264

References

http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05MitigationVendor Advisory
http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17MitigationVendor Advisory
http://osvdb.org/81993Broken Link
http://secunia.com/advisories/49166Vendor Advisory
http://www.securityfocus.com/bid/53595Broken LinkThird Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/75697Third Party AdvisoryVDB Entry
http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05MitigationVendor Advisory
http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17MitigationVendor Advisory
http://osvdb.org/81993Broken Link
http://secunia.com/advisories/49166Vendor Advisory
http://www.securityfocus.com/bid/53595Broken LinkThird Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/75697Third Party AdvisoryVDB Entry

FAQ

What is CVE-2012-2928?

CVE-2012-2928 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to rea...

How severe is CVE-2012-2928?

CVE-2012-2928 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-2928?

Check the references section above for vendor advisories and patch information. Affected products include: Gliffy Gliffy, Atlassian Jira, Atlassian Confluence Server.