The host is installed with Atlassian Confluence Server before 6.13.18, 6.14.x before 7.4.6 or 7.5.x before 7.8.3 and is prone to an arbitrary file read vulnerability. A flaw is present in the application which fails to properly handle the ConfluenceResourceDownloadRewriteRule class. Successful exploitation allows remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.