Количество 2
Количество 2
CVE-2025-3526
SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request parameters in the HTTP session, which allows remote attackers to consume system memory leading to denial-of-service (DoS) conditions via crafted HTTP requests.
GHSA-mf3r-6m25-3867
Liferay Portal SessionClicks does not restrict the saving of request parameters in the HTTP session
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-3526 SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request parameters in the HTTP session, which allows remote attackers to consume system memory leading to denial-of-service (DoS) conditions via crafted HTTP requests. | CVSS3: 7.5 | 0% Низкий | 8 месяцев назад |
| GHSA-mf3r-6m25-3867 Liferay Portal SessionClicks does not restrict the saving of request parameters in the HTTP session | 0% Низкий | 8 месяцев назад |
Уязвимостей на страницу