STE WILLIAMS

Atlassian warns of critical security flaw

Atlassian has warned of a critical security flaw in its Confluence product.

All versions of Confluence up to and including 4.1.9 are at risk, the company says, thanks to what it calls an “XML parsing vulnerability” that could lead to “denial of service attacks against the Confluence server” or allow intruders to “read all local files readable to the system user under which Confluence runs.”

The fix for the problem is simple: upgrade to Confluence 4.2, a step the company says is necessary because the problem cannot be fixed with a mere patch.

If an upgrade is not feasible, Atlassian has posted a mitigation procedure, but warns the actions it recommends “will only limit the impact of the vulnerability … not mitigate it completely.”

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/05/18/atlassian_critical_confluence/
