Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1503

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2011-1503
Last Modified 31 May 2011 12:00:00
Published 07 May 2011 03:55:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2011-1503

Summary

The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.

Vulnerable Systems

Application

  • Liferay Portal 5.0.0

  • Liferay Portal 5.0.1

  • Liferay Portal 5.1.0

  • Liferay Portal 5.1.1

  • Liferay Portal 5.1.2

  • Liferay Portal 5.2.0

  • Liferay Portal 5.2.1

  • Liferay Portal 5.2.2

  • Liferay Portal 5.2.3

  • Liferay Portal 6.0.0

  • Liferay Portal 6.0.1

  • Liferay Portal 6.0.2

  • Liferay Portal 6.0.3

  • Liferay Portal 6.0.4

  • Liferay Portal 6.0.5


References

MLIST - [oss-security] 20110411 Re: CVE requests : Liferay 6.0.6

MLIST - [oss-security] 20110408 Re: CVE requests : Liferay 6.0.6

MLIST - [oss-security] 20110329 CVE requests : Liferay 6.0.6

CONFIRM - http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952

CONFIRM - http://issues.liferay.com/browse/LPS-13762


Last Updated: 27 May 2016 10:56:22