RETIRED: Liferay Enterprise Portal Arbitrary File Download And Security Bypass Vulnerability
BID:53190
Info
| Bugtraq ID: | 53190 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 21 2012 12:00AM |
| Updated: | Apr 23 2012 05:30PM |
| Credit: | Jelmer Kuperus |
| Vulnerable: | Liferay Enterprise Portal 6.1, Liferay Enterprise Portal 6.0 |
| Not Vulnerable: | |
Discussion
Liferay Enterprise Portal is prone to an arbitrary file download vulnerability and a security bypass vulnerability.
Attackers can exploit these issues to download arbitrary files from the webserver and potentially obtain sensitive information, bypass security restrictions, and perform unauthorized actions; this may aid in launching further attacks.
Liferay 6.0 is vulnerable; other versions may also be affected.
This BID is being retired. The issues are covered in BIDs 53184 and 53186.
Exploit / POC
The following exploit is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Liferay Portal Product Page (Liferay)