Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-26930

Reconfigure Liferay to use a remote cache

    Details

      Description

      By sending a single HTTP request for a JSON service, the portal can be configured to use a remote Memcache that an attacker controls. This allows the attacker to read and/or manipulate any data that is stored in the database, essentially granting the attacker full control of the server.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                samuel.kong Samuel Kong
                Reporter:
                samuel.kong Samuel Kong
                Participants of an Issue:
                Recent user:
                Esther Sanz
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  7 years, 26 weeks, 6 days ago

                  Packages

                  Version Package
                  6.0.X EE
                  6.1.1 CE GA2
                  6.1.20 EE GA2
                  6.2.0 CE M2