Uploaded image for project: 'PUBLIC - Liferay Portal Enterprise Edition'
  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-16398

DoS and MiM vulnerabilities in Liferay Connector to SAML 2.0

Details

    Description

      The version of Apache Commons HttpClient that is shipped with Liferay Connector to SAML 2.0 (formerly Liferay SAML 2.0 Provider) is vulnerable to denial-of-service (DoS) and man-in-the-middle (MiM) attacks.

      See also https://help.liferay.com/hc/en-us/articles/360017811291-LSV-382-DoS-and-MiM-vulnerabilities-in-Liferay-Connector-to-SAML-2-0

      Attachments

        Activity

          People

            support-ee EE Support
            EnterpriseReleaseHU Enterprise Release HU
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Packages

                Version Package
                6.1.X EE
                6.2.X EE
                7.0.X EE