This site may contain outdated or incomplete information.
Apache.org incident
Attackers posted a malicious obfuscated URL in JIRA hiding an XSS attack. Once credentials were obtained, attackers modified the JIRA behavior to capture more credentials, and with one of those credentials they logged to the server hosting JIRA, Bugzilla and Confluence for Apache. Most importantly, some of the servers had cached Subversion credentials.
Impact
Systems had to be reimaged, passwords rotated, the Confluence and Bugzilla databases are considered leaked.
Type of compromise
Attack Chaining - multiple compromises.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.