Jira IconURIServlet SSRF CVE-2017-9506 Scanner

Details

Stay Up To Date

Follow @secforeveryone

Asset Type

DOMAIN,IP,URL

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

Jira IconURIServlet SSRF CVE-2017-9506 Scanner Detail

Jira IconURIServlet contains a server side request forgery vulnerability.

The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).

http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html
https://ecosystem.atlassian.net/browse/OAUTH-344
https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3
https://twitter.com/Zer0Security/status/983529439433777152
https://twitter.com/ankit_anubhav/status/973566620676382721

Some Advice for Common Problems

Update your Jira application to the latest version to eliminate this vulnerability.

Need a Full Assessment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service