Atlassian JIRA FishEye and Crucible Plugins XML Parsing Unspecified Security Vulnerability

Bugtraq ID:	53603
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	May 17 2012 12:00AM
Updated:	Dec 04 2012 10:30PM
Credit:	Reported by the vendor
Vulnerable:	Atlassian Fisheye 2.5.7 Atlassian Fisheye 2.5.6 Atlassian Fisheye 2.5.5 Atlassian Fisheye 2.7.9 Atlassian Fisheye 2.7.11 Atlassian Fisheye 2.6.7 Atlassian Fisheye 2.5.4 Atlassian Fisheye 2.5.2 Atlassian Crucible 2.5.7 Atlassian Crucible 2.5.6 Atlassian Crucible 2.5.5 Atlassian Crucible 2.7.9 Atlassian Crucible 2.7.11 Atlassian Crucible 2.6.7 Atlassian Crucible 2.5.4 Atlassian Crucible 2.5.2 Atlassian Crucible 2.5.0
Not Vulnerable:	Atlassian FishEye 2.7.12 0 Atlassian FishEye 2.6.8 0 Atlassian FishEye 2.5.8 0 Atlassian Crucible 2.7.12 0 Atlassian Crucible 2.6.8 0 Atlassian Crucible 2.5.8 0

Atlassian JIRA FishEye and Crucible Plugins XML Parsing Unspecified Security Vulnerability

The FishEye and Crucible plugins for JIRA are prone to an unspecified security vulnerability because they fail to properly handle crafted XML data.

Exploiting this issue allows remote attackers to cause denial-of-service conditions or to disclose local sensitive files in the context of an affected application.

FishEye and Crucible versions up to and including 2.7.11 are vulnerable.