CVE-2013-3925
Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9 allows remote attackers to read arbitrary files and send HTTP requests to intranet servers via a request to (1) /services/2 or (2) services/latest with a DTD containing an XML external entity declaration in conjunction with an entity reference.
| Software | From | Fixed in |
|---|---|---|
| atlassian / crowd | 2.5.2 | 2.5.2.x |
| atlassian / crowd | 2.5.1 | 2.5.1.x |
| atlassian / crowd | 2.5.3 | 2.5.3.x |
| atlassian / crowd | 2.5.0 | 2.5.0.x |
| atlassian / crowd | 2.6.0 | 2.6.0.x |
| atlassian / crowd | 2.6.1 | 2.6.1.x |
| atlassian / crowd | 2.6.2 | 2.6.2.x |
| atlassian / crowd | 2.4.9 | 2.4.9.x |
| atlassian / crowd | 2.3.8 | 2.3.8.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime