Details

      Description

      By sending a single HTTP request for a JSON service, the portal can be configured to use a remote Memcache that an attacker controls. This allows the attacker to read and/or manipulate any data that is stored in the database, essentially granting the attacker full control of the server.

        Issue Links

          Activity

          Hide
          samuel.kong Samuel Kong added a comment -

          The code for this ticket was committed under LPS-26558.

          Show
          samuel.kong Samuel Kong added a comment - The code for this ticket was committed under LPS-26558.
          Hide
          juangon Juan G (Inactive) added a comment -

          If this affects 6.1.0 GA and it's a security thread, wouldn't have to get into 6.1.1 GA2?

          Show
          juangon Juan G (Inactive) added a comment - If this affects 6.1.0 GA and it's a security thread, wouldn't have to get into 6.1.1 GA2?
          Hide
          samuel.kong Samuel Kong added a comment -

          Thank Juan. Backported.

          Show
          samuel.kong Samuel Kong added a comment - Thank Juan. Backported.
          Hide
          juangon Juan G (Inactive) added a comment -

          Thanks very much Samuel!

          Show
          juangon Juan G (Inactive) added a comment - Thanks very much Samuel!

            People

            • Assignee:
              samuel.kong Samuel Kong
              Reporter:
              samuel.kong Samuel Kong
              Recent user:
              Esther Sanz
              Participants of an Issue:
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                4 years, 33 weeks, 3 days ago

                Development

                  Subcomponents