PUBLIC - Liferay Portal Community Edition
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-26596

Potential memory leak and security vulnerability through CacheFilter and WebServerServlet

    Details

    • Branch Version/s:
      6.1.x
    • Backported to Branch:
      Committed
    • Similar Issues:
      Show 4 results 

      Description

      Currently for search engine optimization (and possibly to be immune to those values changing), when there are four parts to the path in WebServerServlet the middle two sections are ignored and only the groupId and the uuid_ are used to return the image.

      While this is not problematic in of itself, if a user uploads any file to the Documents and Media portlet and crafts 10,000 versions of the /image/groupId/gibberish/gibberish/uuid URL with different values of gibberish each time, they can fill up the CacheUtil cache (by default 10,000 elements) with items up to cache.content.threshold.size (default 512,000 bytes).

      With default configuration settings for cache and max image size, a malicious user can fill up 5 GB of heap by requesting a 512,000 byte image 10,000 times with different values for the middle two components of the path each time. For most Liferay installations, this is sufficient to crash the server with an OutOfMemoryException for thirty minutes (the time it takes for the cache entries to expire).

        Activity

        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open In Progress In Progress
        1m 55s 1 Minhchau Dang 09/Apr/12 5:19 PM
        In Progress In Progress In Review In Review
        33s 1 Minhchau Dang 09/Apr/12 5:20 PM
        In Review In Review Resolved Resolved
        54m 25s 1 Brian Chan 09/Apr/12 6:14 PM
        Closed Closed Reopened Reopened
        37d 4h 23m 1 Brian Chan 23/May/12 3:22 PM
        Reopened Reopened Resolved Resolved
        14s 1 Brian Chan 23/May/12 3:22 PM
        Resolved Resolved Closed Closed
        7d 12h 8m 2 Michael Saechang 24/May/12 10:46 AM

          People

          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:
              Days since last comment:
              3 years, 1 week, 5 days ago

              Development

                Structure Helper Panel