Details

      Description

      By carefully constructing a HTTP POST request, an attacker can execute any of the portal's web services. This vulnerability allows the attacker to circumvent both the permission system and the protection provided by the SecureFilter's portal properties:

      xxx.servlet.hosts.allowed
      xxx.servlet.https.required

        Activity

        Hide
        samuel.kong Samuel Kong added a comment -

        The code for this ticket was committed under LPS-27046, LPS-27101, LPS-27102.

        Show
        samuel.kong Samuel Kong added a comment - The code for this ticket was committed under LPS-27046, LPS-27101, LPS-27102.

          People

          • Assignee:
            support-lep@liferay.com SE Support
            Reporter:
            samuel.kong Samuel Kong
            Recent user:
            Esther Sanz
            Participants of an Issue:
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:
              Days since last comment:
              4 years, 8 weeks, 4 days ago

              Development

                Subcomponents