CVE-2011-1502

Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
References
Link Resource
http://issues.liferay.com/browse/LPS-14927 Issue Tracking Vendor Advisory
http://openwall.com/lists/oss-security/2011/03/29/1 Mailing List Third Party Advisory
http://openwall.com/lists/oss-security/2011/04/08/5 Mailing List Third Party Advisory
http://openwall.com/lists/oss-security/2011/04/11/9 Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:liferay:liferay_portal:*:*:*:*:community:*:*:*

History

No history.

Information

Published : 2011-05-07 19:55

Updated : 2024-02-28 11:41


NVD link : CVE-2011-1502

Mitre link : CVE-2011-1502

CVE.ORG link : CVE-2011-1502


JSON object : View

Products Affected

liferay

  • liferay_portal
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor