Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
7.1 DXP (7.1.10), 7.2 DXP (7.2.10)
-
CVE-2020-15839
-
7.7
-
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
-
18
-
6
Description
In Liferay DXP 7.1 and 7.2, there is no size restrictions to multipart/form-data requests, which allows remote attackers to conduct denial-of-service attacks by uploading multiple large files.
See also https://help.liferay.com/hc/en-us/articles/360046578271.
Attachments
Issue Links
- causes
-
LPE-17055
LSV-697: Trying to upload very large files with a multipart/formdata request can leave server without memory space
-
- Closed
-