Find Atlassian Confluence via HTTP Header (Atlassian Confluence Data Center)

HTTP Header doesn’t lie
CVE-2022-26134 : Atlassian Confluence Sever ver 7.18.1 RCE PoC via OGNL injection vulnerability
confluence

patch is out: Confluence Server Download Archives | Atlassian

Hasn’t been a good 12 months for Atlassian.

Good thread by Kevin Beaumont:

There’s a little more detail in this Bleeping Computer article (though it mostly restates what’s in the Volexity post): Critical Atlassian Confluence zero-day actively used in attacks

We just put ours behind our vpn only. Figured it was fairly bad when their workaround was “have you tried turning it off?”