CVE-2017-5983 PoC — Atlassian JIRA Server JIRA Workflow Designer Plugin Security Vulnerability

Associated Vulnerability
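Title: Atlassian JIRA Server JIRA Workflow Designer Plugin Security Vulnerability (CVE-2017-5983)
Description: Atlassian JIRA Server is a defect tracking and management system from the Australian company Atlassian. It is mainly used to track and manage the various issues and defects that arise in the course of work. JIRA Workflow Designer is a workflow design plugin for it. The JIRA Workflow Designer plugin in Atlassian JIRA Server versions before 6.3.0 has a security vulnerability that stems from the program not correctly using an XML filter and a deserialization converter. A remote attacker can exploit the vulnerability with a specially crafted serialized Java object to execute arbitrary code, read arbitrary files, or cause a denial of service.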
Description
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.
File Snapshot

id: CVE-2017-5983 info: name: JIRA Workflow Designer Plugin in Atlassian JIRA Server > 6.3.0 - Re ...