
CVE-2017-18111 Explained: Impact and Mitigation

Learn about CVE-2017-18111 affecting Atlassian Application Links versions before 5.0.10, from 5.1.0 until 5.1.3, and from 5.2.0 until 5.2.6. Discover the impact, technical details, and mitigation steps.

Atlassian Application Links versions before 5.0.10, from version 5.1.0 until 5.1.3, and from version 5.2.0 until 5.2.6 are vulnerable to XXE (XML External Entity) attacks, which a malicious OAuth application can exploit.

Understanding CVE-2017-18111

The XML document builder used by the OAuthHelper in Atlassian Application Links had a vulnerability to XXE (XML External Entity) attacks.

What is CVE-2017-18111?

The vulnerability in the affected Atlassian Application Links versions allowed a malicious OAuth application linked to the instance to access internal network resources, retrieve file contents, and potentially cause an out-of-memory exception.

The Impact of CVE-2017-18111

        Malicious OAuth applications could exploit the vulnerability to access internal network resources and retrieve file contents.
        The vulnerability could also cause an out-of-memory exception, impacting availability.

Technical Details of CVE-2017-18111

The technical details of the vulnerability in Atlassian Application Links are summarized below.

Vulnerability Description

The OAuthHelper in Atlassian Application Links versions before 5.0.10, from version 5.1.0 until 5.1.3, and from version 5.2.0 until 5.2.6 used an XML document builder that was vulnerable to XXE attacks.

Affected Systems and Versions

        Product: Application Links
        Vendor: Atlassian
        Affected Versions:
              Versions before 5.0.10
              Versions from 5.1.0 until 5.1.3
              Versions from 5.2.0 until 5.2.6

Exploitation Mechanism

The vulnerability allowed a malicious OAuth application linked to the instance to probe internal network resources, read file contents, and cause an out-of-memory exception by supplying XML containing external entity declarations to the vulnerable document builder.
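The root cause described above is a Java XML document builder left in its default configuration, where DTDs are processed and external entities resolved. The following is an added example and not Atlassian's code: the page does not show the OAuthHelper internals, so the class and method names (`HardenedXmlBuilder`, `defaultBuilder`, `hardenedBuilder`, `parseUntrusted`) and the sample documents are assumptions. It shows the risky default configuration beside a hardened `DocumentBuilderFactory`, and parses a constructed document that carries a DOCTYPE to demonstrate that the hardened builder rejects it before any entity could be resolved.

```java
// Added example, not Atlassian code. Class and method names are assumptions.
import java.io.IOException;
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public final class HardenedXmlBuilder {

    /**
     * Default factory: DTDs are processed and external entities are resolved.
     * This is the risky configuration pattern behind XXE; shown for contrast only
     * and never applied to untrusted input in this example.
     */
    static DocumentBuilder defaultBuilder() throws ParserConfigurationException {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    /**
     * Hardened factory: refuses any DOCTYPE, disables general and parameter
     * external entities, and stops external DTD loading and XInclude.
     */
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Rejecting the DOCTYPE outright removes the carrier of every entity declaration.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defense in depth in case DOCTYPE must be tolerated elsewhere.
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder();
    }

    /**
     * Parses untrusted XML with the hardened builder and returns the root element
     * name, or null when the parser rejected the document.
     */
    static String parseUntrusted(String xml) throws ParserConfigurationException, IOException {
        try {
            Document doc = hardenedBuilder().parse(new InputSource(new StringReader(xml)));
            return doc.getDocumentElement().getTagName();
        } catch (SAXException e) {
            // The DOCTYPE is refused before any entity is resolved; log it as a
            // rejected message so the event is visible to monitoring.
            System.err.println("rejected XML: " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: a plain OAuth-style document and one carrying
        // a DOCTYPE with an external entity pointing at a placeholder URI.
        String benign = "<oauth><consumer>example-key</consumer></oauth>";
        String withDoctype = "<!DOCTYPE oauth [<!ENTITY ext SYSTEM \"file:///placeholder\">]>"
                + "<oauth><consumer>&ext;</consumer></oauth>";
        System.out.println("benign  -> " + parseUntrusted(benign));
        System.out.println("doctype -> " + parseUntrusted(withDoctype));
    }
}
```

Compile and run with `javac HardenedXmlBuilder.java && java HardenedXmlBuilder`. The benign document parses normally, while the one with a DOCTYPE is refused by the JDK's built-in parser with a message stating that DOCTYPE is disallowed, so neither the external entity nor an entity-expansion (out-of-memory) payload is ever processed.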

Mitigation and Prevention

Steps to mitigate and prevent the CVE-2017-18111 vulnerability.

Immediate Steps to Take

        Update Atlassian Application Links to versions 5.0.10, 5.1.3, or 5.2.6 to eliminate the vulnerability.
        Monitor network traffic from the Application Links host for unexpected outbound connections or other suspicious activity.

Long-Term Security Practices

        Regularly update software and applications to the latest versions.
        Implement network segmentation to limit access to critical resources.

Patching and Updates

        Apply patches provided by Atlassian to fix the vulnerability in Application Links.
