Описание
Liferay Portal vulnerable to arbitrary command injection
Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2011-1571
- https://github.com/liferay/liferay-portal/commit/55502ca16019e1ea1a581ee87f4f20cde638c825
- http://issues.liferay.com/browse/LPS-14726
- http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952
- http://openwall.com/lists/oss-security/2011/03/29/1
- http://openwall.com/lists/oss-security/2011/04/08/5
- http://openwall.com/lists/oss-security/2011/04/11/9
Пакеты
Наименование
com.liferay.portal:portal-service
maven
Затронутые версииВерсия исправления
>= 5.0.0, < 6.0.6-ga
6.0.6-ga
Связанные уязвимости
nvd
почти 15 лет назад
Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
debian
почти 15 лет назад
Unspecified vulnerability in the XSL Content portlet in Liferay Portal ...