I cannot install the workaround for CVE-2019-3398

From now on, the server.xml file contain this line : <Context path="" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">

The workaround (see above) contain "<Context path="/pages/downloadallattachments.action" docBase="" >"

If I use the line '<Context path="/pages/downloadallattachments.action" docBase="" >' to replace the actual line : it doesn't work.

Can you tell me how to adapt the workaround line considering (or not) the actual line ?

best regards,

1 answer

0 votes

Hello Nicolas,

Thank you for reaching out regarding this!

I've had a look at the workaround you mention, but I see that it doesn't mention to replace any lines, but to add it to the <Host> element.

You should already have some existing Context paths there, but don't modify those, just add the new lines inside of the <Host> element.

So mine looks like this:

Screenshot 2019-05-08 at 14.00.43.png

Of course, if you are using a context path, you need to adjust it to your own, but the goal is to have it as another item in the <Host> element.

Can you give that a try and let me know how it goes?

Regards,

Shannon

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.