Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.0
CVE Id CVE-2011-1502
Last Modified 31 May 2011 12:00:00
Published 07 May 2011 03:55:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2011-1502

Summary

Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.

Vulnerable Systems

Application

  • Liferay Portal 6.0.0

  • Liferay Portal 6.0.1

  • Liferay Portal 6.0.2

  • Liferay Portal 6.0.3

  • Liferay Portal 6.0.4

  • Liferay Portal 6.0.5


References

MLIST - [oss-security] 20110411 Re: CVE requests : Liferay 6.0.6

MLIST - [oss-security] 20110408 Re: CVE requests : Liferay 6.0.6

MLIST - [oss-security] 20110329 CVE requests : Liferay 6.0.6

CONFIRM - http://issues.liferay.com/browse/LPS-14927


Last Updated: 27 May 2016 10:56:22