Details

      Description

      6.1.X
      Servers using the FileSystemStore (default) or the AdvancedFileSystemStore to persist documents in the document library (dl.store.impl in portal.properties) are vulnerable to a directory traversal attacks. By manipulating the URL in the Message Boards, Wiki, or Knowledge Base portlet, an attacker can access any file on the server.

      6.0.X
      Servers using the FileSystemHook (default) or the AdvancedFileSystemHook to persist documents in the document library (dl.hook.impl in portal.properties) are vulnerable to a directory traversal attacks. By manipulating the URL in the Message Boards, Wiki, or Knowledge Base portlet, an attacker can access any file on the server.

        Attachments

          Activity

            People

            • Assignee:
              support-lep@liferay.com SE Support
              Reporter:
              samuel.kong Samuel Kong
              Participants of an Issue:
              Recent user:
              Esther Sanz
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                5 years ago

                Subcomponents