Liferay Portal Local File Disclosure Vulnerability
BID:53184
Info
Liferay Portal Local File Disclosure Vulnerability
| Bugtraq ID: | 53184 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-0295 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 20 2012 12:00AM |
| Updated: | Apr 13 2015 09:01PM |
| Credit: | Jelmer Kuperus |
| Vulnerable: |
Liferay Enterprise Portal 6.0.6 ce Liferay Enterprise Portal 6.0.5 ce |
| Not Vulnerable: | |
Discussion
Liferay Portal Local File Disclosure Vulnerability
Liferay Portal is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input.
Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.
Liferay Portal is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input.
Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.
Exploit / POC
Liferay Portal Local File Disclosure Vulnerability
Attackers may exploit this issue through a browser.
Attackers may exploit this issue through a browser.
Solution / Fix
Liferay Portal Local File Disclosure Vulnerability
Solution:
Reports indicate this issue has been fixed. Symantec has not verified this information.
Solution:
Reports indicate this issue has been fixed. Symantec has not verified this information.
References
Liferay Portal Local File Disclosure Vulnerability
References:
References:
- jelmerk / LPS-24562-proof (Jelmer Kuperus)
- Specially crafted webdav request allows reading of local files on liferay 6.0.x (Jelmer Kuperus)