  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-18216

PortalServiceImpl and PortletServiceImpl expose sensitive data

    Details

    • Branch Version/s:
      6.0.x
    • Backported to Branch:
      Committed

      Description

      An attacker can use the JSON interface to get:

      • list of deployed portlets and service contexts
      • Liferay version number (important when the Liferay-Portal response header is filtered out)
      • autodeploy directory on server

      Thank you.

                  Packages

                  Version Package
                  6.0.12 EE
                  6.1.0 CE RC1