CVE-2011-1571
EPSS 7.4%Liferay Portal vulnerable to arbitrary command injection
發布日:2022/5/13修改日:2025/7/15
描述
Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
受影響套件(1)
- Maven/com.liferay.portal:portal-service>= 5.0.0, < 6.0.6-ga
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
參考連結(8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2011-1571
- PATCHhttps://github.com/liferay/liferay-portal
- WEBhttp://issues.liferay.com/browse/LPS-14726
- WEBhttp://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952
- WEBhttp://openwall.com/lists/oss-security/2011/03/29/1
- WEBhttp://openwall.com/lists/oss-security/2011/04/08/5
- WEBhttp://openwall.com/lists/oss-security/2011/04/11/9
- WEBhttps://github.com/liferay/liferay-portal/commit/55502ca16019e1ea1a581ee87f4f20cde638c825