Affects Version/s: 6.1.0 CE GA1, 6.1.10 EE GA1
I ran into a security issue in Liferay 6.0.6 that turned out to be fixed in trunk already.
It was independently discovered by another person.
The ticket that was created for this issue is
The issue was resolved in the following way:
Proxying is allowed only when:
1. The domain is listed in a whitelist
2. The domain is that of a virtual host assigned to a Liferay layout set
This is not sufficient. For instance, if:
You had Liferay set up with the Solr plugin and
You are running Solr on the same host using the default standalone server
Then an attacker could in many cases directly access Solr by specifying a Liferay layout set host but the Solr port. This would allow access to all data stored within Solr.
This could also be used as a tool to figure out what services are available on the server.
For example:
The response of
indicates that liferay.com is running MySQL.
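
An added example (not Liferay's code and not part of the ticket) of the gap described above: a host-only allow-list check accepts any port on an allowed host, while a check on scheme, host and port together does not. The class and method names, the host name and both ports are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

public class ProxyTargetCheck {
    // Host-only comparison, as in the fix described above: the port is ignored.
    static boolean hostOnlyAllowed(String url, Set<String> allowedHosts) {
        URI uri = parse(url);
        return uri != null && uri.getHost() != null
            && allowedHosts.contains(uri.getHost().toLowerCase(Locale.ROOT));
    }

    // Stricter comparison: scheme, host and effective port must match one entry.
    static boolean originAllowed(String url, Set<String> allowedOrigins) {
        URI uri = parse(url);
        if (uri == null || uri.getHost() == null || uri.getScheme() == null
                || uri.getUserInfo() != null) {
            return false; // unparsable, host-less or credential-bearing targets
        }
        String scheme = uri.getScheme().toLowerCase(Locale.ROOT);
        int port = uri.getPort();
        if (port == -1) { // no explicit port: 443 for https, 80 otherwise
            port = scheme.equals("https") ? 443 : 80;
        }
        String host = uri.getHost().toLowerCase(Locale.ROOT);
        return allowedOrigins.contains(scheme + "://" + host + ":" + port);
    }

    private static URI parse(String url) {
        try {
            return new URI(url);
        } catch (URISyntaxException e) {
            return null; // callers treat null as "do not proxy"
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the ticket.
        Set<String> hosts = Set.of("portal.example.test");
        Set<String> origins = Set.of("http://portal.example.test:8080");
        for (String t : new String[] {
                "http://portal.example.test:8080/web/guest",   // intended target
                "http://portal.example.test:8983/solr/select"  // same host, other port
        }) {
            System.out.println(t + " hostOnly=" + hostOnlyAllowed(t, hosts)
                + " origin=" + originAllowed(t, origins));
        }
    }
}
```

Only the second target differs between the two checks: the host-only check accepts it and the origin check rejects it.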