Full title: Atlassian Confluence Improper Authorization / Code Execution Exploit 
Category: remote exploits
Platform: java
This improper authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to the Confluence instance administrator. This Metasploit module uses the administrator account to install a malicious .jsp servlet plugin which the user can trigger to gain code execution on the target in the context of the of the user running the confluence server.

# 0day.today @ http://0day.today/