Details

      Description

      6.1.X
      Servers using the FileSystemStore (default) or the AdvancedFileSystemStore to persist documents in the document library (dl.store.impl in portal.properties) are vulnerable to directory traversal attacks. By manipulating the URL in the Message Boards, Wiki, or Knowledge Base portlet, an attacker can access any file on the server.

      6.0.X
      Servers using the FileSystemHook (default) or the AdvancedFileSystemHook to persist documents in the document library (dl.hook.impl in portal.properties) are vulnerable to directory traversal attacks. By manipulating the URL in the Message Boards, Wiki, or Knowledge Base portlet, an attacker can access any file on the server.
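
      The class of defect described above is closed by checking that every resolved path stays inside the store's root directory. The following is an added example, not Liferay's code or its fix: the class name, method name and the root/companyId/repositoryId/fileName layout are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added illustration: SafeStoreResolver and resolve() are hypothetical names,
// and the <root>/<companyId>/<repositoryId>/<fileName> layout is assumed.
public class SafeStoreResolver {
    private final Path root;

    public SafeStoreResolver(Path rootDir) throws IOException {
        // Resolve symlinks in the root once so later comparisons are like-for-like.
        this.root = rootDir.toRealPath();
    }

    /** Maps a client-supplied file name to a path that stays under the repository directory. */
    public Path resolve(long companyId, long repositoryId, String fileName) throws IOException {
        if (fileName == null || fileName.isEmpty() || fileName.indexOf('\0') >= 0) {
            throw new SecurityException("invalid file name");
        }
        Path base = root.resolve(Long.toString(companyId)).resolve(Long.toString(repositoryId));
        // normalize() collapses "." and ".." segments; an absolute fileName replaces base entirely.
        Path candidate = base.resolve(fileName.replace('\\', '/')).normalize();
        // Path.startsWith compares whole name elements, so ".../10180" does not match ".../101800".
        if (!candidate.startsWith(base)) {
            throw new SecurityException("path escapes repository directory");
        }
        // For an existing file, also verify the symlink-resolved location.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(root)) {
            throw new SecurityException("symlink escapes store root");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        SafeStoreResolver store = new SafeStoreResolver(Files.createTempDirectory("dlstore"));
        // Constructed sample inputs: one legitimate attachment name and three escapes.
        String[] names = {"wiki/page1/diagram.png", "../../../../etc/passwd", "a/../../b", "/etc/passwd"};
        for (String name : names) {
            try {
                System.out.println("OK      " + store.resolve(10154L, 10180L, name));
            } catch (SecurityException e) {
                System.out.println("REJECT  " + name + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

      The check runs on the normalized path rather than on the raw string, so encoded or nested ".." sequences that survive URL decoding are rejected by the same comparison.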

            People

            Assignee:
            support-lep@liferay.com SE Support
            Reporter:
            samuel.kong Samuel Kong
            Participants of an Issue:
            Recent user:
            Esther Sanz

              Dates

              Days since last comment:
              9 years, 16 weeks, 5 days ago

                Packages

                Version Package
                6.0.X EE
                6.1.1 CE GA2
                6.1.10 EE GA1
                6.1.20 EE GA2
                --Sprint 11/12
                6.2.0 CE M2