Atlassian JIRA CVE-2017-5983 Remote Code Execution Vulnerability

Atlassian JIRA is prone to remote code-execution vulnerability.

Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions.

Atlassian JIRA 4.2.4 prior to 6.3.0 are vulnerable; other versions may also be affected.

Information

Bugtraq ID: 97379
Class: Input Validation Error
CVE: CVE-2017-5983

Remote: Yes
Local: No
Published: Apr 04 2017 12:00AM
Credit: Markus Wulftange
Vulnerable: Atlassian JIRA 6.2.7
Atlassian JIRA 4.2.4

Not Vulnerable: Atlassian JIRA 6.3

References:

• Atlassian JIRA Homepage (Atlassian)
  
• Multiple Vulnerabilities in JIRA Workflow Servlet (atlassian)
  
• VU#307983: AMF3 Java implementations are vulnerable to insecure deserialization (CERT)
  

Source: www.securityfocus.com