[LPE-14652] Java Deserialization Vulnerability in TunnelServlet and other components - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 5.2 EE SP5 (5.2.9) , 6.0 EE (6.0.10), 6.0 EE SP1 (6.0.11), 6.0 EE SP2 (6.0.12), 6.1 EE GA1 (6.1.10), 6.1 EE GA2 (6.1.20), 6.1 EE GA3 (6.1.30), 6.2 EE GA1 (6.2.10)
Fix Version/s: 6.0.X EE, 6.1.X EE, 6.2.X EE
Component/s: Security Vulnerability, Web Services > Tunnel Web
Labels:

Fix Pack Status:
Waiting for Decision
Business Value:
5

Description

Please see https://www.liferay.com/group/customer/products/portal/security-vulnerability/lsv-184

Attachments

Issue Links

causes

LPE-15727 ClassNotFoundException when remote publish is invoked from a plugin after LPS-60358. LPS-66165 was incomplete.

Closed

Activity

People

Assignee:: Bryan Engler

Reporter:: Tibor Lipusz

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 15/Jan/16 3:01 AM

Updated:: 27/Dec/22 11:00 AM

Resolved:: 22/Feb/16 4:30 PM

Packages

Version	Package
6.0.X EE
6.1.X EE
6.2.X EE