Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
References
Link | Resource |
---|---|
http://issues.liferay.com/browse/LPS-14927 | Issue Tracking Vendor Advisory |
http://openwall.com/lists/oss-security/2011/03/29/1 | Mailing List Third Party Advisory |
http://openwall.com/lists/oss-security/2011/04/08/5 | Mailing List Third Party Advisory |
http://openwall.com/lists/oss-security/2011/04/11/9 | Mailing List Third Party Advisory |
Configurations
History
No history.
Information
Published : 2011-05-07 19:55
Updated : 2024-02-28 11:41
NVD link : CVE-2011-1502
Mitre link : CVE-2011-1502
CVE.ORG link : CVE-2011-1502
JSON object : View
Products Affected
liferay
- liferay_portal
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor