Uploaded image for project: 'PUBLIC - Liferay Portal Enterprise Edition'
  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-16398

DoS and MiM vulnerabilities in Liferay Connector to SAML 2.0

    Details

      Description

      The version of Apache Commons HttpClient that is shipped with Liferay Connector to SAML 2.0 (formerly Liferay SAML 2.0 Provider) is vulnerable to denial-of-service (DoS) and man-in-the-middle (MiM) attacks.

      See also https://help.liferay.com/hc/en-us/articles/360017811291-LSV-382-DoS-and-MiM-vulnerabilities-in-Liferay-Connector-to-SAML-2-0

        Attachments

          Activity

            People

            • Assignee:
              support-ee EE Support
              Reporter:
              EnterpriseReleaseHU Enterprise Release HU
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Packages

                Version Package
                6.1.X EE
                6.2.X EE
                7.0.X EE