Vulnerability Database

309,364

Total vulnerabilities in the database

CVE-2019-3395

The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery.

Published: Mar 25, 2019
Updated: Nov 9, 2025
CVE: CVE-2019-3395
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
atlassian / confluence	-	6.6.12
atlassian / confluence	6.7.0	6.12.3
atlassian / confluence_server	6.13.0	6.13.3
atlassian / confluence_server	6.14.0	6.14.2

https://jira.atlassian.com/browse/CONFSERVER-57971

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo