{"id":8533,"date":"2019-04-22T06:04:01","date_gmt":"2019-04-22T06:04:01","guid":{"rendered":"https:\/\/nsfocusglobal.com\/?p=8533"},"modified":"2026-04-17T18:07:54","modified_gmt":"2026-04-17T18:07:54","slug":"confluence-ssrf-and-remote-code-execution-vulnerability-handling-guide","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/confluence-ssrf-and-remote-code-execution-vulnerability-handling-guide\/","title":{"rendered":"Confluence SSRF and Remote Code Execution Vulnerability Handling Guide"},"content":{"rendered":"<p><!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD HTML 4.0 Transitional\/\/EN\" \"http:\/\/www.w3.org\/TR\/REC-html40\/loose.dtd\"><br \/>\n<html><body><\/p>\n<h2><strong>1 Vulnerability Overview<\/strong><\/h2>\n<p>Atlassian recently released a security bulletin announcing a server-side request forgery (SSRF) vulnerability (CVE-2019-3395) and a remote code execution vulnerability (CVE-2019-3396). The two vulnerabilities reside in WebDAV and Widget Connector, respectively, and could be exploited by an attacker for server-side request forgery and remote code execution.<!--more--><\/p>\n<ul>\n<li>CVE-2019-3395 WebDAV<\/li>\n<\/ul>\n<p>Confluence Server and Data Center versions released before June 18, 2018 are vulnerable to this issue. This vulnerability exists in the WebDAV plug-in, which allows an attacker to perform server-side request forgery by causing a Confluence Server or Data Center instance to send arbitrary HTTP or WebDAV requests.<\/p>\n<p>V6.8.5 and V6.9.3 were officially released to fix this vulnerability.<\/p>\n<ul>\n<li>CVE-2019-3396 Widget Connector<\/li>\n<\/ul>\n<p>This vulnerability is a server-side template injection vulnerability that exists in the Widget Connector plug-in in Confluence Server and Data Center. 
An attacker could exploit this vulnerability for directory traversal and remote code execution.<\/p>\n<p>V6.12.3, V6.13.3, and V6.14.2 were officially released to fix this vulnerability.<\/p>\n<p>A PoC for this vulnerability is currently publicly available. The following screenshot shows a successful exploitation of the vulnerability.<\/p>\n<p><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/04\/0422-1.jpg\"><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-full wp-image-8534\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/04\/0422-1.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" width=\"921\" height=\"344\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/04\/0422-1.jpg 921w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/04\/0422-1-300x112.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/04\/0422-1-768x287.jpg 768w\" sizes=\"(max-width: 921px) 100vw, 921px\" \/><\/a><\/p>\n<p>Reference link:<\/p>\n<p><a href=\"https:\/\/confluence.atlassian.com\/doc\/confluence-security-advisory-2019-03-20-966660264.html\">https:\/\/confluence.atlassian.com\/doc\/confluence-security-advisory-2019-03-20-966660264.html<\/a><\/p>\n<h2><a name=\"_Toc5806840\"><\/a><strong>2 Scope of Impact<\/strong><\/h2>\n<p>Affected Versions<\/p>\n<ul>\n<li>Confluence 1.*.*, 2.*.*, 3.*.*, 4.*.*, 5.*.*<\/li>\n<li>Confluence 6.0.*, 6.1.*, 6.2.*, 6.3.*, 6.4.*, 6.5.*<\/li>\n<li>Confluence 6.6.* &lt; 6.6.12<\/li>\n<li>Confluence 6.7.*, 6.8.*, 6.9.*, 6.10.*, 6.11.*<\/li>\n<li>Confluence 6.12.* &lt; 6.12.3<\/li>\n<li>Confluence 6.13.* &lt; 6.13.3<\/li>\n<li>Confluence 6.14.* &lt; 6.14.2<\/li>\n<\/ul>\n<p>Unaffected Versions<\/p>\n<ul>\n<li>Confluence &gt;= 6.6.12<\/li>\n<li>Confluence &gt;= 6.12.3<\/li>\n<li>Confluence &gt;= 6.13.3<\/li>\n<li>Confluence &gt;= 6.14.2<\/li>\n<li>Confluence 6.15.1<\/li>\n<\/ul>\n<p>The vendor has indicated that Confluence Cloud is not affected by the two 
vulnerabilities in question.<\/p>\n<h2><a name=\"_Toc5806841\"><\/a><strong>3 Check for the Vulnerability<\/strong><\/h2>\n<p>Users can click &nbsp;and select <strong>About Confluence<\/strong> to check the current version of Confluence to determine whether it is affected.<\/p>\n<p><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/04\/0422-2.jpg\"><img decoding=\"async\" class=\"alignnone size-full wp-image-8535\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/04\/0422-2.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" width=\"921\" height=\"496\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/04\/0422-2.jpg 921w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/04\/0422-2-300x162.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/04\/0422-2-768x414.jpg 768w\" sizes=\"(max-width: 921px) 100vw, 921px\" \/><\/a><\/p>\n<h2><strong><a name=\"_Toc5806842\"><\/a>4 Recommended Mitigation Measures<\/strong><\/h2>\n<h3><strong><a name=\"_Toc5806843\"><\/a>4.1 Official Upgrade<\/strong><\/h3>\n<p>The vendor advises users to upgrade Confluence to the latest version V6.15.1 by downloading and installing patches from the following links to ensure the security and stability of this service.<\/p>\n<p><a href=\"https:\/\/www.atlassian.com\/software\/confluence\/download\/\">https:\/\/www.atlassian.com\/software\/confluence\/download\/<\/a><\/p>\n<p><a href=\"https:\/\/atlassian.com\/software\/confluence\/download\/data-center\">https:\/\/atlassian.com\/software\/confluence\/download\/data-center<\/a><\/p>\n<p>If the service cannot be upgraded to the latest version, users can upgrade it to a version that has the vulnerabilities fixed, by referring to the following table:<\/p>\n<table width=\"529\">\n<thead>\n<tr>\n<td width=\"259\">Vulnerable Version<\/td>\n<td width=\"261\">Version with the Vulnerabilities Fixed<\/td>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td width=\"259\">6.12.0, 
6.12.1, 6.12.2<\/td>\n<td width=\"261\">6.12.3<\/td>\n<\/tr>\n<tr>\n<td width=\"259\">6.14.0, 6.14.1<\/td>\n<td width=\"261\">6.14.2<\/td>\n<\/tr>\n<tr>\n<td width=\"259\">6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11<\/td>\n<td width=\"261\">6.6.12<\/td>\n<\/tr>\n<tr>\n<td width=\"259\">6.13.0, 6.13.1, 6.13.2<\/td>\n<td width=\"261\">6.13.3<\/td>\n<\/tr>\n<tr>\n<td width=\"259\">Other earlier versions<\/td>\n<td width=\"261\">6.14.2, 6.13.3, or 6.6.12<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3><strong><a name=\"_Toc5806844\"><\/a>4.2 Upgrading the Widget Connector Plug-in to a Secure Version<\/strong><\/h3>\n<p>Users can fix the vulnerability (CVE-2019-3396) by replacing widgetconnector-*.jar with <strong>widgetconnector-3.1.4.jar<\/strong>. The detailed procedure is as follows:<\/p>\n<ol>\n<li>Locate the widgetconnector-*.jar file. For the Linux system, you can run the following command to search for this file:<\/li>\n<\/ol>\n<p><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/04\/0422-3.jpg\"><img decoding=\"async\" class=\"alignnone size-full wp-image-8536\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/04\/0422-3.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" width=\"467\" height=\"39\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/04\/0422-3.jpg 467w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/04\/0422-3-300x25.jpg 300w\" sizes=\"(max-width: 467px) 100vw, 467px\" \/><\/a><\/p>\n<ol start=\"2\">\n<li>Replace the current widgetconnector-*.jar file with the secure version (<strong>widgetconnector-3.1.4.jar<\/strong>) by downloading the secure file from the following link:<\/li>\n<\/ol>\n<p><a 
href=\"https:\/\/packages.atlassian.com\/maven-public\/com\/atlassian\/confluence\/extra\/widgetconnector\/widgetconnector\/3.1.4\/widgetconnector-3.1.4.jar\">https:\/\/packages.atlassian.com\/maven-public\/com\/atlassian\/confluence\/extra\/widgetconnector\/widgetconnector\/3.1.4\/widgetconnector-3.1.4.jar<\/a><\/p>\n<ol start=\"3\">\n<li>Restart the service to complete the remediation.<\/li>\n<\/ol>\n<h3><strong><a name=\"_Toc5806845\"><\/a>4.3 Disabling Insecure Plug-ins<\/strong><\/h3>\n<p>If it is impossible to upgrade Confluence immediately, users can choose &nbsp;&gt; <strong>Manage apps\/add-ons<\/strong> and select <strong>System<\/strong> to disable the following plug-ins:<\/p>\n<ul>\n<li>WebDAV plug-in<\/li>\n<li>Widget Connector<\/li>\n<\/ul>\n<p><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/04\/0422-4.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-8537\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/04\/0422-4.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" width=\"730\" height=\"365\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/04\/0422-4.jpg 730w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/04\/0422-4-300x150.jpg 300w\" sizes=\"(max-width: 730px) 100vw, 730px\" \/><\/a><\/p>\n<p>Notes:<\/p>\n<ul>\n<li>If the Widget Connector plug-in is disabled, the Widget Connector macro will be unavailable and users will be shown an &#8220;unknown plug-in&#8221; error. This macro is used to display contents from YouTube, Vimeo, and Twitter.<\/li>\n<li>If the WebDAV plug-in is disabled, users will not be able to connect to Confluence by using a WebDAV client. 
Also, disabling this plug-in causes the Office Connector plug-in to be disabled.<\/li>\n<\/ul>\n<p>After the upgrade is completed, you need to enable the following plug-ins manually:<\/p>\n<ul>\n<li>WebDAV plug-in<\/li>\n<li>Widget Connector<\/li>\n<li>Office Connector.<\/li>\n<\/ul>\n<h2><strong>Appendix<\/strong><\/h2>\n<ul>\n<li>\n<h3><strong>Statement<\/strong><\/h3>\n<\/li>\n<\/ul>\n<p>This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and\/or indirect consequences and losses caused by transmitting and\/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add\/delete any information to\/from it, or use this advisory for commercial purposes without permission from NSFOCUS.<\/p>\n<ul>\n<li>\n<h3><strong>About NSFOCUS<\/strong><\/h3>\n<\/li>\n<\/ul>\n<p>NSFOCUS IB is a wholly owned subsidiary of NSFOCUS, an enterprise application and network security provider, with operations in the Americas, Europe, the Middle East, Southeast Asia and Japan. NSFOCUS IB has a proven track record of combatting the increasingly complex cyber threat landscape through the construction and implementation of multi-layered defense systems. The company&#8217;s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide unified, multi-layer protection from advanced cyber threats.<\/p>\n<p>For more information about NSFOCUS, please visit:<\/p>\n<p><a href=\"https:\/\/www.nsfocusglobal.com\">https:\/\/www.nsfocusglobal.com<\/a><\/p>\n<p>NSFOCUS, NSFOCUS IB, and NSFOCUS, INC. are trademarks or registered trademarks of NSFOCUS, Inc. 
All other names and trademarks are property of their respective firms.<\/body><\/html><\/p>\n","protected":false},"excerpt":{"rendered":"<p>1 Vulnerability Overview Recently, Atlassian officially released a security bulletin, announcing a server-side request forgery (SSRF) vulnerability and a remote code execution vulnerability (CVE-2019-3396). The two vulnerabilities respectively reside in WebDAV and Widget Connector and could be exploited by an attacker for remote code execution and server-side request forgery.<\/p>\n","protected":false},"author":1,"featured_media":8142,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[6],"tags":[149],"class_list":["post-8533","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-emergency-response","tag-confluence-ssrf"],"acf":[],"yoast_head_json":{"title":"Confluence SSRF and Remote Code Execution Vulnerability Handling Guide - NSFOCUS","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nsfocusglobal.com\/confluence-ssrf-and-remote-code-execution-vulnerability-handling-guide\/","og_locale":"pt_BR","og_type":"article","og_title":"Confluence SSRF and Remote Code Execution Vulnerability Handling Guide - NSFOCUS","og_description":"1 Vulnerability Overview Recently, Atlassian officially released a security bulletin, announcing a server-side request forgery (SSRF) vulnerability and a","og_url":"https:\/\/nsfocusglobal.com\/confluence-ssrf-and-remote-code-execution-vulnerability-handling-guide\/","og_site_name":"NSFOCUS","article_published_time":"2019-04-22T06:04:01+00:00","article_modified_time":"2026-04-17T18:07:54+00:00","og_image":[{"url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/02\/1108-2.jpg","type":"","width":"","height":""}],"author":"NSFOCUS","twitter_card":"summary_large_image","twitter_title":"Confluence SSRF and Remote Code Execution Vulnerability Handling Guide - NSFOCUS","twitter_description":"1 Vulnerability Overview Recently, Atlassian officially released a security bulletin, announcing a server-side request forgery (SSRF) vulnerability and a","twitter_image":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/02\/1108-2.jpg","twitter_misc":{"Escrito por":"NSFOCUS","Est. 
tempo de leitura":"4 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nsfocusglobal.com\/confluence-ssrf-and-remote-code-execution-vulnerability-handling-guide\/#article","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/confluence-ssrf-and-remote-code-execution-vulnerability-handling-guide\/"},"author":{"name":"NSFOCUS","@id":"https:\/\/nsfocusglobal.com\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d"},"headline":"Confluence SSRF and Remote Code Execution Vulnerability Handling Guide","datePublished":"2019-04-22T06:04:01+00:00","dateModified":"2026-04-17T18:07:54+00:00","mainEntityOfPage":{"@id":"https:\/\/nsfocusglobal.com\/confluence-ssrf-and-remote-code-execution-vulnerability-handling-guide\/"},"wordCount":776,"commentCount":0,"publisher":{"@id":"https:\/\/nsfocusglobal.com\/#organization"},"image":{"@id":"https:\/\/nsfocusglobal.com\/confluence-ssrf-and-remote-code-execution-vulnerability-handling-guide\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/02\/1108-2.jpg","keywords":["Confluence SSRF"],"articleSection":["Emergency Response"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nsfocusglobal.com\/confluence-ssrf-and-remote-code-execution-vulnerability-handling-guide\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nsfocusglobal.com\/confluence-ssrf-and-remote-code-execution-vulnerability-handling-guide\/","url":"https:\/\/nsfocusglobal.com\/confluence-ssrf-and-remote-code-execution-vulnerability-handling-guide\/","name":"Confluence SSRF and Remote Code Execution Vulnerability Handling Guide - 
NSFOCUS","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nsfocusglobal.com\/confluence-ssrf-and-remote-code-execution-vulnerability-handling-guide\/#primaryimage"},"image":{"@id":"https:\/\/nsfocusglobal.com\/confluence-ssrf-and-remote-code-execution-vulnerability-handling-guide\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/02\/1108-2.jpg","datePublished":"2019-04-22T06:04:01+00:00","dateModified":"2026-04-17T18:07:54+00:00","breadcrumb":{"@id":"https:\/\/nsfocusglobal.com\/confluence-ssrf-and-remote-code-execution-vulnerability-handling-guide\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nsfocusglobal.com\/confluence-ssrf-and-remote-code-execution-vulnerability-handling-guide\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/confluence-ssrf-and-remote-code-execution-vulnerability-handling-guide\/#primaryimage","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/02\/1108-2.jpg","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/02\/1108-2.jpg","width":493,"height":316,"caption":"Digital shield with binary code and circuits."},{"@type":"BreadcrumbList","@id":"https:\/\/nsfocusglobal.com\/confluence-ssrf-and-remote-code-execution-vulnerability-handling-guide\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nsfocusglobal.com\/"},{"@type":"ListItem","position":2,"name":"Confluence SSRF and Remote Code Execution Vulnerability Handling Guide"}]},{"@type":"WebSite","@id":"https:\/\/nsfocusglobal.com\/#website","url":"https:\/\/nsfocusglobal.com\/","name":"NSFOCUS","description":"Security Made Smart and 
Simple","publisher":{"@id":"https:\/\/nsfocusglobal.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nsfocusglobal.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/nsfocusglobal.com\/#organization","name":"NSFOCUS","url":"https:\/\/nsfocusglobal.com\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/#\/schema\/logo\/image\/","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","width":248,"height":36,"caption":"NSFOCUS"},"image":{"@id":"https:\/\/nsfocusglobal.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/nsfocusglobal.com\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d","name":"NSFOCUS","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","caption":"NSFOCUS"},"sameAs":["https:\/\/nsfocusglobal.com"],"url":"https:\/\/nsfocusglobal.com\/pt-br\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/8533","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":
"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/comments?post=8533"}],"version-history":[{"count":0,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/8533\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media\/8142"}],"wp:attachment":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media?parent=8533"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/categories?post=8533"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/tags?post=8533"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}