How to Buy
This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
The remote web application is affected by multiple vulnerabilities.
According to its self-reported version number, the instance of
Atlassian Confluence on the remote host is a version prior to 4.3.7.
It is, therefore, affected by multiple vulnerabilities :
- A clickjacking vulnerability exists due to the lack of
iframe busting prevention. An attacker may exploit this
to perform a limited amount of actions on the user's
- The application does not properly check user uploaded
files. By uploading a flash file, a remote attacker can
place the file in a user-accessible path. A subsequent
direct request to the file could allow the attacker to
execute a script with the privileges of the web server.
- A cross-site scripting flaw exists because the
application does not properly check uploaded file
attachments to a wiki page. By uploading a specially
crafted file, an attacker could execute arbitrary
script within the browser / server trust relationship.
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
See also :
Upgrade to Confluence version 4.3.7 or later, or apply the appropriate
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.6
Public Exploit Available : true
Family: CGI abuses
Nessus Plugin ID: 71213 ()
Bugtraq ID: 6113561170
Nessus Professional: Scan unlimited IPs, run compliance checks & moreNessus Cloud: The power of Nessus for teams – from the cloud
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.