Denies reports of a second vuln
Cloud provider Atlassian has moved to patch what a security researcher describes as a backdoor in its enterprise single sign-on Crowd service. However, the company is disputing Command Five's assertion that a second, as-yet-unpatched vulnerability remains. Command Five's advisory states that XML DTD (document type definition) parsing gave attackers a means to “retrieve files from the target network, make HTTP requests on the target network, or carry out a Denial of Service attack.” As the ad...