Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-51061

HTTP host header manipulation

    XMLWordPrintable

    Details

      Description

      The portal is vulnerable to HTTP host header attacks. This vulnerability can be used for web cache poisoning or for password reset poisoning.

        Attachments

          Issue Links

          duplicates

          Regression Bug - Used by Liferay QA to indicate an issue discovered during regression testing LPS-49143 Host header validation is not applied consistently and doesn't whitelist IPv6 localhost address [::1]

          • Closed

            Activity

              People

              Assignee:
              samuel.kong Samuel Kong
              Reporter:
              samuel.kong Samuel Kong
              Participants of an Issue:
              Recent user:
              Esther Sanz
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                6 years, 14 weeks, 5 days ago

                  Packages

                  Version Package
                  6.2.1 CE GA2