Описание
Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
Ссылки
- Issue TrackingVendor Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Issue TrackingVendor Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 6.0.0 (включая) до 6.0.5 (включая)
cpe:2.3:a:liferay:liferay_portal:*:*:*:*:community:*:*:*
EPSS
Процентиль: 66%
0.00514
Низкий
4 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
debian
больше 14 лет назад
Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache ...
github
больше 3 лет назад
Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
EPSS
Процентиль: 66%
0.00514
Низкий
4 Medium
CVSS2
Дефекты
CWE-200