Test ID:	1.3.6.1.4.1.25623.1.0.103512
Category:	Web application abuses
Title:	Atlassian Crowd XML Parser Vulnerability (JRA-27719) - Active Check
Summary:	Atlassian Crowd does not properly restrict the capabilities of; third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial; of service (resource consumption) via unspecified vectors.
Description:	Summary: Atlassian Crowd does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. Affected Software/OS: Attlassian Crowd prior to version 2.0.9, version 2.1.x through 2.1.1, 2.2.x through 2.2.8, 2.3.x through 2.3.6 and 2.4.0. Solution: Update to version 2.0.9, 2.1.2, 2.2.9, 2.3.7, 2.4.1 or later. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2926 BugTraq ID: 53595 http://www.securityfocus.com/bid/53595 http://osvdb.org/81993 http://secunia.com/advisories/49146 XForce ISS Database: fisheye-crucible-xml-dos(75682) https://exchange.xforce.ibmcloud.com/vulnerabilities/75682 XForce ISS Database: jira-xml-dos(75697) https://exchange.xforce.ibmcloud.com/vulnerabilities/75697
Copyright	Copyright (C) 2012 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.