CVE-2011-1571

Опубликовано: 07 мая 2011

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.

Ссылки

http://issues.liferay.com/browse/LPS-14726
Issue Tracking
Vendor Advisory
http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952
Release Notes
Vendor Advisory
http://openwall.com/lists/oss-security/2011/03/29/1
Mailing List
Third Party Advisory
http://openwall.com/lists/oss-security/2011/04/08/5
Mailing List
Third Party Advisory
http://openwall.com/lists/oss-security/2011/04/11/9
Mailing List
Third Party Advisory
http://issues.liferay.com/browse/LPS-14726
Issue Tracking
Vendor Advisory
http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952
Release Notes
Vendor Advisory
http://openwall.com/lists/oss-security/2011/03/29/1
Mailing List
Third Party Advisory
http://openwall.com/lists/oss-security/2011/04/08/5
Mailing List
Third Party Advisory
http://openwall.com/lists/oss-security/2011/04/11/9
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:liferay:liferay_portal:*:*:*:*:community:*:*:*

Версия от 5.1.0 (включая) до 5.1.2 (включая)

cpe:2.3:a:liferay:liferay_portal:*:*:*:*:community:*:*:*

Версия от 6.0.0 (включая) до 6.0.5 (включая)

EPSS

Процентиль: 92%

0.07397

Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2011-1571

debian

больше 14 лет назад

Unspecified vulnerability in the XSL Content portlet in Liferay Portal ...

GHSA-rpj9-pc39-h8j8

github

больше 3 лет назад

Liferay Portal vulnerable to arbitrary command injection