Atlassian JIRA < 5.0.1 XML Parsing Vulnerability

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The version of Atlassian JIRA installed on the remote host may be
affected by an XML parsing vulnerability.

Description :

According to its self-reported version, the version of Atlassian JIRA
running on the remote host is prior to 5.0.1 and is therefore potentially
affected by an XML parsing vulnerability. This vulnerability may allow an
authenticated, remote attacker to perform a denial of service attack
against JIRA. Because the check relies solely on the self-reported
version, it does not confirm that the flaw is exploitable on this host.

Note that while Nessus did not confirm whether they are installed, the
Tempo and Gliffy plugins are also affected by this issue. If you are
using these plugins with any version of JIRA, you should upgrade or
disable them.
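The advisory does not state which XML construct triggers the denial of service. The following added Python example (not Nessus plugin code and not Atlassian's) assumes the usual mechanism behind XML-parsing DoS findings, internal-entity amplification inside an inline DTD, and contrasts a parser that honours the DTD with one that rejects any DOCTYPE before a single entity is expanded. The function names and the payload are constructed for illustration only.

```python
"""Entity-expansion DoS against an XML parser, and the check that stops it.

Added example, not code from Nessus or Atlassian. The advisory does not say
which construct triggers the JIRA denial of service; this block ASSUMES the
internal-entity amplification pattern and shows the defence for that class.
"""
import xml.parsers.expat


def expansion_payload(depth: int, fanout: int, leaf: str = "lol") -> str:
    """Build a small, constructed amplification document (illustrative only).

    Entity e0 is the leaf; each e{n} references e{n-1} `fanout` times, so
    expanding e{depth} yields fanout**depth copies of `leaf`. Keep depth and
    fanout small: the point is the ratio, not exhausting the local machine.
    """
    decls = [f'<!ENTITY e0 "{leaf}">']
    for n in range(1, depth + 1):
        body = f"&e{n - 1};" * fanout
        decls.append(f'<!ENTITY e{n} "{body}">')
    dtd = "\n".join(decls)
    return (
        '<?xml version="1.0"?>\n'
        f"<!DOCTYPE x [\n{dtd}\n]>\n"
        f"<x>&e{depth};</x>"
    )


def parse_unsafe(doc: str) -> int:
    """Parse with default settings; return the number of characters of text
    the parser actually produced. With a DTD honoured, this is the expanded
    size, which is what a vulnerable server burns CPU and memory on."""
    produced = 0

    def on_text(data: str) -> None:
        nonlocal produced
        produced += len(data)

    parser = xml.parsers.expat.ParserCreate()
    parser.CharacterDataHandler = on_text
    parser.Parse(doc, True)
    return produced


class DoctypeRejected(ValueError):
    """Raised when a document carries a DOCTYPE the application never needs."""


def parse_hardened(doc: str) -> int:
    """Same parse, but refuse any DOCTYPE before the parser sees its entities.

    The handler fires at '<!DOCTYPE', i.e. before the internal subset is
    read, so no entity declaration is ever registered, let alone expanded.
    Documents without a DTD parse normally.
    """
    produced = 0

    def on_doctype(name, sysid, pubid, has_internal_subset) -> None:
        raise DoctypeRejected(f"DOCTYPE '{name}' is not allowed")

    def on_text(data: str) -> None:
        nonlocal produced
        produced += len(data)

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.CharacterDataHandler = on_text
    parser.Parse(doc, True)
    return produced


def hardened_accepts(doc: str) -> bool:
    """True if the hardened parser accepts the document, False if it rejects it."""
    try:
        parse_hardened(doc)
        return True
    except DoctypeRejected:
        return False


def amplification(doc: str) -> float:
    """Ratio of text produced by the default parser to bytes submitted."""
    return parse_unsafe(doc) / len(doc)


if __name__ == "__main__":
    payload = expansion_payload(depth=3, fanout=8)
    print(f"submitted {len(payload)} bytes, default parser produced "
          f"{parse_unsafe(payload)} chars (x{amplification(payload):.1f})")
    print("hardened parser accepts payload:", hardened_accepts(payload))
    print("hardened parser accepts plain doc:", hardened_accepts("<x>hello</x>"))
```

The amplification grows as fanout**depth while the submitted document grows only linearly in depth, which is why a parser that expands inline entities on behalf of an authenticated user is a denial-of-service primitive. Rejecting the DOCTYPE up front (or disabling DTD processing and entity expansion in the parser configuration, the equivalent in Java's JAXP factories) closes the whole class rather than one payload shape.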

See also :

http://www.nessus.org/u?aa695d61
https://jira.atlassian.com/browse/JRA-27719

Solution :

Upgrade to JIRA 5.0.1 or later, and upgrade or disable the Tempo and
Gliffy plugins.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVSS Temporal Score : 3.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses

Nessus Plugin ID: 59329

Bugtraq ID: 53595

CVE ID: CVE-2012-2926
CVE-2012-2927
CVE-2012-2928