CVE-2012-2926 - Vulnerability Details

Vendors	Products
Atlassian	Bamboo Confluence Confluence Server Crowd Crucible Fisheye Jira

Link	Providers
http://confluence.atlassian.com/display/BAMBOO/Bamboo+Security+Advisory+2012-05-17
http://confluence.atlassian.com/display/CROWD/Crowd+Security+Advisory+2012-05-17
http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17
http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-05-17
http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17
http://osvdb.org/81993
http://secunia.com/advisories/49146
http://www.securityfocus.com/bid/53595
https://exchange.xforce.ibmcloud.com/vulnerabilities/75682
https://exchange.xforce.ibmcloud.com/vulnerabilities/75697

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-05-17T00:00:00", "descriptions": [{"lang": "en", "value": "Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "fisheye-crucible-xml-dos(75682)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75682"}, {"name": "49146", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/49146"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-05-17"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17"}, {"name": "81993", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/81993"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://confluence.atlassian.com/display/CROWD/Crowd+Security+Advisory+2012-05-17"}, {"name": "53595", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/53595"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://confluence.atlassian.com/display/BAMBOO/Bamboo+Security+Advisory+2012-05-17"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17"}, {"name": "jira-xml-dos(75697)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75697"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-2926", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "fisheye-crucible-xml-dos(75682)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75682"}, {"name": "49146", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49146"}, {"name": "http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-05-17", "refsource": "CONFIRM", "url": "http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-05-17"}, {"name": "http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17", "refsource": "CONFIRM", "url": "http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17"}, {"name": "81993", "refsource": "OSVDB", "url": "http://osvdb.org/81993"}, {"name": "http://confluence.atlassian.com/display/CROWD/Crowd+Security+Advisory+2012-05-17", "refsource": "CONFIRM", "url": "http://confluence.atlassian.com/display/CROWD/Crowd+Security+Advisory+2012-05-17"}, {"name": "53595", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53595"}, {"name": "http://confluence.atlassian.com/display/BAMBOO/Bamboo+Security+Advisory+2012-05-17", "refsource": "CONFIRM", "url": "http://confluence.atlassian.com/display/BAMBOO/Bamboo+Security+Advisory+2012-05-17"}, {"name": "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17", "refsource": "CONFIRM", "url": "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17"}, {"name": "jira-xml-dos(75697)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75697"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:50:05.307Z"}, "title": "CVE Program Container", "references": [{"name": "fisheye-crucible-xml-dos(75682)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75682"}, {"name": "49146", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/49146"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-05-17"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17"}, {"name": "81993", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/81993"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://confluence.atlassian.com/display/CROWD/Crowd+Security+Advisory+2012-05-17"}, {"name": "53595", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/53595"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://confluence.atlassian.com/display/BAMBOO/Bamboo+Security+Advisory+2012-05-17"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17"}, {"name": "jira-xml-dos(75697)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75697"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-2926", "datePublished": "2012-05-22T15:00:00", "dateReserved": "2012-05-22T00:00:00", "dateUpdated": "2024-08-06T19:50:05.307Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2012-05-17T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-08-28T12:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

name : fisheye-crucible-xml-dos(75682) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/75682 (string)

}

1 : { »

name : 49146 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/49146 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-05-17 (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17 (string)

}

4 : { »

name : 81993 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_OSVDB (string)

]

url : http://osvdb.org/81993 (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://confluence.atlassian.com/display/CROWD/Crowd+Security+Advisory+2012-05-17 (string)

}

6 : { »

name : 53595 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/53595 (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://confluence.atlassian.com/display/BAMBOO/Bamboo+Security+Advisory+2012-05-17 (string)

}

8 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17 (string)

}

9 : { »

name : jira-xml-dos(75697) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/75697 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2012-2926 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : fisheye-crucible-xml-dos(75682) (string)

refsource : XF (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/75682 (string)

}

1 : { »

name : 49146 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/49146 (string)

}

2 : { »

name : http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-05-17 (string)

refsource : CONFIRM (string)

url : http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-05-17 (string)

}

3 : { »

name : http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17 (string)

refsource : CONFIRM (string)

url : http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17 (string)

}

4 : { »

name : 81993 (string)

refsource : OSVDB (string)

url : http://osvdb.org/81993 (string)

}

5 : { »

name : http://confluence.atlassian.com/display/CROWD/Crowd+Security+Advisory+2012-05-17 (string)

refsource : CONFIRM (string)

url : http://confluence.atlassian.com/display/CROWD/Crowd+Security+Advisory+2012-05-17 (string)

}

6 : { »

name : 53595 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/53595 (string)

}

7 : { »

name : http://confluence.atlassian.com/display/BAMBOO/Bamboo+Security+Advisory+2012-05-17 (string)

refsource : CONFIRM (string)

url : http://confluence.atlassian.com/display/BAMBOO/Bamboo+Security+Advisory+2012-05-17 (string)

}

8 : { »

name : http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17 (string)

refsource : CONFIRM (string)

url : http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17 (string)

}

9 : { »

name : jira-xml-dos(75697) (string)

refsource : XF (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/75697 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T19:50:05.307Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : fisheye-crucible-xml-dos(75682) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/75682 (string)

}

1 : { »

name : 49146 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/49146 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-05-17 (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17 (string)

}

4 : { »

name : 81993 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_OSVDB (string)

2 : x_transferred (string)

]

url : http://osvdb.org/81993 (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://confluence.atlassian.com/display/CROWD/Crowd+Security+Advisory+2012-05-17 (string)

}

6 : { »

name : 53595 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/53595 (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://confluence.atlassian.com/display/BAMBOO/Bamboo+Security+Advisory+2012-05-17 (string)

}

8 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17 (string)

}

9 : { »

name : jira-xml-dos(75697) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/75697 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2012-2926 (string)

datePublished : 2012-05-22T15:00:00 (string)

dateReserved : 2012-05-22T00:00:00 (string)

dateUpdated : 2024-08-06T19:50:05.307Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C1EA6F7-CF4A-43C8-AD67-4A3E97D7B0BC", "versionEndExcluding": "3.3.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B53F201-032F-4672-A271-8D424B939775", "versionEndExcluding": "3.4.5", "versionStartIncluding": "3.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4059F4D-831C-467C-91BC-B49BB7A5487E", "versionEndExcluding": "3.5.16", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "9718C5D3-364A-4BD0-B60D-5FCEA8B1BAFF", "versionEndExcluding": "4.0.7", "versionStartIncluding": "4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "121D6C9B-9746-423C-9A0A-13697F7B490B", "versionEndExcluding": "4.1.10", "versionStartIncluding": "4.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB8E3563-1CF4-4665-8CD3-CAEFFBB6B3B6", "versionEndExcluding": "2.0.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*", "matchCriteriaId": "55437340-1D44-41C7-B82A-6E6473C17B62", "versionEndExcluding": "2.1.2", "versionStartIncluding": "2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*", "matchCriteriaId": "68C5F90D-1AB3-409E-9A84-8EF42735BCD9", "versionEndExcluding": "2.2.9", "versionStartIncluding": "2.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*", "matchCriteriaId": "C99026A0-1B4A-4CF7-B7E5-DC1231302CEC", "versionEndExcluding": "2.3.7", "versionStartIncluding": "2.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*", "matchCriteriaId": "28E820F2-4E46-4744-9EE9-C9CDEF78B8D7", "versionEndExcluding": "2.4.1", "versionStartIncluding": "2.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD4C65C4-2C22-48F2-B4F6-D40915374FF1", "versionEndExcluding": "2.5.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*", "matchCriteriaId": "263668EC-0168-4FC2-82E3-6606269AE372", "versionEndExcluding": "2.6.8", "versionStartIncluding": "2.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*", "matchCriteriaId": "B62B11D8-BC78-431B-91D4-F6CE14E0C7D0", "versionEndExcluding": "2.7.12", "versionStartIncluding": "2.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*", "matchCriteriaId": "77B117D3-9D05-4192-9A40-B4610D636DE7", "versionEndExcluding": "2.5.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*", "matchCriteriaId": "3768A3A7-B5F8-46C7-A932-1C779C167216", "versionEndExcluding": "2.6.8", "versionStartIncluding": "2.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*", "matchCriteriaId": "4779A8F0-9CDB-46F7-9EB6-B155187218EB", "versionEndExcluding": "2.7.12", "versionStartIncluding": "2.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*", "matchCriteriaId": "20F692D8-2A86-403D-82C6-363C9798BD3A", "versionEndExcluding": "5.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors."}, {"lang": "es", "value": "Atlassian JIRA antes de v5.0.1; Confluence antes de v3.5.16, v4.0 antes de v4.0.7, y v4.1 antes del v4.1.10; 'FishEye and Crucible' antes de v2.5.8, v2.6 antes de v2.6.8, y v2.7 antes de v2.7.12; Bamboo antes de v3.3.4 y v3.4.x antes de v3.4.5, y Crowd antes de v2.0.9, v2.1 antes de v2.1.2, v2.2 antes de v2.2.9, v2.3 antes de v2.3.7 y v2.4 antes de v2.4.1 no restringen correctamente las capacidades de los analizadores XML de de terceros, lo que permite leer ficheros de su elecci\u00f3n o causar una denegaci\u00f3n de servicio (por excesivo consumo de recursos) a atacantes remotos a trav\u00e9s de vectores no especificados."}], "id": "CVE-2012-2926", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2012-05-22T15:55:02.853", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://confluence.atlassian.com/display/BAMBOO/Bamboo+Security+Advisory+2012-05-17"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://confluence.atlassian.com/display/CROWD/Crowd+Security+Advisory+2012-05-17"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-05-17"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://osvdb.org/81993"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/49146"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/53595"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75682"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75697"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://confluence.atlassian.com/display/BAMBOO/Bamboo+Security+Advisory+2012-05-17"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://confluence.atlassian.com/display/CROWD/Crowd+Security+Advisory+2012-05-17"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-05-17"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://osvdb.org/81993"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/49146"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/53595"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75682"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75697"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 8C1EA6F7-CF4A-43C8-AD67-4A3E97D7B0BC (string)

versionEndExcluding : 3.3.4 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 5B53F201-032F-4672-A271-8D424B939775 (string)

versionEndExcluding : 3.4.5 (string)

versionStartIncluding : 3.4 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F4059F4D-831C-467C-91BC-B49BB7A5487E (string)

versionEndExcluding : 3.5.16 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 9718C5D3-364A-4BD0-B60D-5FCEA8B1BAFF (string)

versionEndExcluding : 4.0.7 (string)

versionStartIncluding : 4.0 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 121D6C9B-9746-423C-9A0A-13697F7B490B (string)

versionEndExcluding : 4.1.10 (string)

versionStartIncluding : 4.1 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:* (string)

matchCriteriaId : EB8E3563-1CF4-4665-8CD3-CAEFFBB6B3B6 (string)

versionEndExcluding : 2.0.9 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 55437340-1D44-41C7-B82A-6E6473C17B62 (string)

versionEndExcluding : 2.1.2 (string)

versionStartIncluding : 2.1 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 68C5F90D-1AB3-409E-9A84-8EF42735BCD9 (string)

versionEndExcluding : 2.2.9 (string)

versionStartIncluding : 2.2.0 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C99026A0-1B4A-4CF7-B7E5-DC1231302CEC (string)

versionEndExcluding : 2.3.7 (string)

versionStartIncluding : 2.3.0 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 28E820F2-4E46-4744-9EE9-C9CDEF78B8D7 (string)

versionEndExcluding : 2.4.1 (string)

versionStartIncluding : 2.4.0 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:* (string)

matchCriteriaId : FD4C65C4-2C22-48F2-B4F6-D40915374FF1 (string)

versionEndExcluding : 2.5.8 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 263668EC-0168-4FC2-82E3-6606269AE372 (string)

versionEndExcluding : 2.6.8 (string)

versionStartIncluding : 2.6 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:* (string)

matchCriteriaId : B62B11D8-BC78-431B-91D4-F6CE14E0C7D0 (string)

versionEndExcluding : 2.7.12 (string)

versionStartIncluding : 2.7 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 77B117D3-9D05-4192-9A40-B4610D636DE7 (string)

versionEndExcluding : 2.5.8 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 3768A3A7-B5F8-46C7-A932-1C779C167216 (string)

versionEndExcluding : 2.6.8 (string)

versionStartIncluding : 2.6 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 4779A8F0-9CDB-46F7-9EB6-B155187218EB (string)

versionEndExcluding : 2.7.12 (string)

versionStartIncluding : 2.7 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 20F692D8-2A86-403D-82C6-363C9798BD3A (string)

versionEndExcluding : 5.0.1 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. (string)

}

1 : { »

lang : es (string)

value : Atlassian JIRA antes de v5.0.1; Confluence antes de v3.5.16, v4.0 antes de v4.0.7, y v4.1 antes del v4.1.10; 'FishEye and Crucible' antes de v2.5.8, v2.6 antes de v2.6.8, y v2.7 antes de v2.7.12; Bamboo antes de v3.3.4 y v3.4.x antes de v3.4.5, y Crowd antes de v2.0.9, v2.1 antes de v2.1.2, v2.2 antes de v2.2.9, v2.3 antes de v2.3.7 y v2.4 antes de v2.4.1 no restringen correctamente las capacidades de los analizadores XML de de terceros, lo que permite leer ficheros de su elección o causar una denegación de servicio (por excesivo consumo de recursos) a atacantes remotos a través de vectores no especificados. (string)

}

]

id : CVE-2012-2926 (string)

lastModified : 2025-04-11T00:51:21.963 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.4 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 4.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.1 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.2 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2012-05-22T15:55:02.853 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://confluence.atlassian.com/display/BAMBOO/Bamboo+Security+Advisory+2012-05-17 (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://confluence.atlassian.com/display/CROWD/Crowd+Security+Advisory+2012-05-17 (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17 (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-05-17 (string)

}

4 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17 (string)

}

5 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Broken Link (string)

]

url : http://osvdb.org/81993 (string)

}

6 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Not Applicable (string)

]

url : http://secunia.com/advisories/49146 (string)

}

7 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/53595 (string)

}

8 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/75682 (string)

}

9 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/75697 (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://confluence.atlassian.com/display/BAMBOO/Bamboo+Security+Advisory+2012-05-17 (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://confluence.atlassian.com/display/CROWD/Crowd+Security+Advisory+2012-05-17 (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17 (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-05-17 (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17 (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : http://osvdb.org/81993 (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Not Applicable (string)

]

url : http://secunia.com/advisories/49146 (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/53595 (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/75682 (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/75697 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object