- Type: Bug
- Resolution: Answered
- Priority: Low
- Fix Version/s: None
- Affects Version/s: None
- Component/s: None
- Labels:
This applies to all Atlassian products that may use the commons collections:
There is a longstanding, unpatched unserialize vulnerability in the commons-collections Java library that allows remote code execution. More details here: http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/#thevulnerability
–
Only JIRA instances with a Data Center license are vulnerable through ehcache RMI, which is used for clustering, and by default listens on port 40001. Ensure that you only permit cluster nodes to connect to a JIRA Data Center instance's ehcache RMI port through the use of a firewall and/or network segregation.
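One way to express the restriction described above as host firewall rules, as an added example that is not part of the original ticket or any Atlassian tooling. It assumes a Linux node using iptables; the chain name `EHCACHE-RMI` and the node addresses are hypothetical.

```sh
#!/bin/sh
# Added example: build iptables-restore rules that admit only cluster nodes
# to the ehcache RMI port. Chain name and node addresses are hypothetical.
EHCACHE_RMI_PORT=40001   # default port named in the ticket

# Succeeds only for a plain dotted-quad IPv4 address (no CIDR, no hostnames).
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split into octets; safe, input is digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: ehcache_rmi_rules PORT NODE_IP...
# Validates every address before printing, so a typo yields no partial ruleset.
ehcache_rmi_rules() {
    port=$1; shift
    [ "$#" -gt 0 ] || { echo "no cluster nodes given" >&2; return 1; }
    for node in "$@"; do
        is_ipv4 "$node" || { echo "bad node address: $node" >&2; return 1; }
    done
    echo "*filter"
    echo ":EHCACHE-RMI - [0:0]"
    # Inserted first so an earlier broad ACCEPT cannot bypass the check.
    echo "-I INPUT 1 -p tcp --dport $port -j EHCACHE-RMI"
    for node in "$@"; do
        echo "-A EHCACHE-RMI -s $node/32 -j ACCEPT"
    done
    # Log then drop everything else; logged hits show who is probing the port.
    echo "-A EHCACHE-RMI -j LOG --log-prefix \"ehcache-rmi-denied: \""
    echo "-A EHCACHE-RMI -j DROP"
    echo "COMMIT"
}

# Constructed sample: two nodes in the RFC 5737 documentation range.
ehcache_rmi_rules "$EHCACHE_RMI_PORT" 192.0.2.11 192.0.2.12
```

Review the printed ruleset before loading it with `iptables-restore --noflush` on each node, and keep the node list in step with cluster membership.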
relates to: JRASERVER-47638 Upgrade to version 3.2.2 of apache commons-collections (Closed)