CVE-2010-1165 Information

Description

Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments) (2) index (aka indexing) or (3) backup path and then uploading a file as exploited in the wild in April 2010.

Reference

http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16 http://jira.atlassian.com/browse/JRA-20995 http://jira.atlassian.com/browse/JRA-21004 http://secunia.com/advisories/39353 http://www.openwall.com/lists/oss-security/2010/04/16/3 http://www.openwall.com/lists/oss-security/2010/04/16/4 http://www.securityfocus.com/bid/39485 https://exchange.xforce.ibmcloud.com/vulnerabilities/57828