PUBLIC - Liferay Faces / FACES-2343

Security vulnerability with accessing resources in JSF portlets

    Details

      Description

      Due to a requirement in Section 5.2.7 of the JSR 329 Specification, CVE-2015-3244 exists in Liferay Faces Bridge. In addition, the "resource excludes" requirements of the javax.faces.application.ResourceHandler abstract class are not implemented.

      See also https://web.liferay.com/group/customer/products/faces/security-vulnerability/lsv-71.

            People

            Assignee: Neil Griffin (neil.griffin)
            Reporter: Neil Griffin (neil.griffin)

                Packages

                Version Package
                liferay-faces-2.1.5-ga6
                liferay-faces-2.2.5-ga6
                liferay-faces-3.0.5-legacy-ga6
                liferay-faces-3.0.5-ga6
                liferay-faces-3.1.5-ga6
                liferay-faces-3.2.5-ga6
                liferay-faces-4.2.5-ga6