Skip to content

Latest commit

 

History

History
17 lines (12 loc) · 594 Bytes

File metadata and controls

17 lines (12 loc) · 594 Bytes

Apache.org incident

Attackers posted a malicious obfuscated URL in JIRA hiding an XSS attack. Once credentials were obtained, attackers modified the JIRA behavior to capture more credentials, and with one of those credentials they logged to the server hosting JIRA, Bugzilla and Confluence for Apache. Most importantly, some of the servers had cached Subversion credentials.

Impact

Systems had to be reimaged, passwords rotated, the Confluence and Bugzilla databases are considered leaked.

Type of compromise

Attack Chaining - multiple compromises.