Details

    • Similar Issues:
      Show 3 results 

      Description

      By sending a single HTTP request for a JSON service, the portal can be configured to use a remote Memcache that an attacker controls. This allows the attacker to read and/or manipulate any data that is stored in the database, essentially granting the attacker full control of the server.

        Activity

        Hide
        Samuel Kong added a comment -

        The code for this ticket was committed under LPS-26558.

        Show
        Samuel Kong added a comment - The code for this ticket was committed under LPS-26558.
        Hide
        Juan G added a comment -

        If this affects 6.1.0 GA and it's a security thread, wouldn't have to get into 6.1.1 GA2?

        Show
        Juan G added a comment - If this affects 6.1.0 GA and it's a security thread, wouldn't have to get into 6.1.1 GA2?
        Hide
        Samuel Kong added a comment -

        Thank Juan. Backported.

        Show
        Samuel Kong added a comment - Thank Juan. Backported.
        Hide
        Juan G added a comment -

        Thanks very much Samuel!

        Show
        Juan G added a comment - Thanks very much Samuel!

          People

          • Assignee:
            Samuel Kong
            Reporter:
            Samuel Kong
            Recent user:
            Randy Zhu
            Participants of an Issue:
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:
              Days since last comment:
              3 years, 10 weeks, 1 day ago

              Development

                Structure Helper Panel