Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-26930

Reconfigure Liferay to use a remote cache

    Details

      Description

      By sending a single HTTP request for a JSON service, the portal can be configured to use a remote Memcache that an attacker controls. This allows the attacker to read and/or manipulate any data that is stored in the database, essentially granting the attacker full control of the server.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              samuel.kong Samuel Kong
              Reporter:
              samuel.kong Samuel Kong
              Participants of an Issue:
              Recent user:
              Esther Sanz
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                9 years, 14 weeks, 3 days ago

                  Packages

                  Version Package
                  6.0.X EE
                  6.1.1 CE GA2
                  6.1.20 EE GA2
                  6.2.0 CE M2