QID 731024

Atlassian Confluence is team collaboration software written in Java.
A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart which causes a denial of service (DOS) via a crafted web request.

Affected version:
Confluence Data Center and Server 5.7.x
Confluence Data Center and Server 7.13.x
Confluence Data Center and Server 7.19 prior to v7.19.17
Confluence Data Center and Server 7.20.x
Confluence Data Center and Server 8.0.x
Confluence Data Center and Server 8.1.x
Confluence Data Center and Server 8.2.x
Confluence Data Center and Server 8.3 prior to v8.3.4
Confluence Data Center and Server 8.4 prior to v8.4.5
Confluence Data Center and Server 8.5 prior to v8.5.4
Confluence Data Center and Server 8.6 prior to v8.6.2
Confluence Data Center and Server 8.7 prior to v8.7.1

QID Detection Logic:(Unauthenticated) It checks for vulnerable version of Atlassian Confluence Server and data center.
QID Detection Logic:(Authenticated) (Windows) It checks for uninstall string in HKLM\SOFTWARE\ to detect the vulnerable version of the product.
QID Detection Logic:(Authenticated) (Linux) It checks for pom.properties file to check for the vulnerable version of the product.

Successful exploitation of this vulnerability could lead to disruption of service.