Lucene search
RedhatCVE-2011-1502HistoryMay 07, 2011 - 7:55 p.m.
CVE-2011-1502
2011-05-0719:55:00
CWE-200
redhat
web.nvd.nist.gov
30
liferay
portal
ce
6.x
6.0.6
ga
xxe
cve-2011-1502
apache tomcat
xml external entity
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
6.5
Confidence
Low
EPSS
0.002
Percentile
52.5%
Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
Affected configurations
Node
liferayliferay_portalRange6.0.0–6.0.5community
| Vendor | Product | Version | CPE |
|---|---|---|---|
| liferay | liferay_portal | * | cpe:2.3:a:liferay:liferay_portal:*:*:*:*:community:*:*:* |
Related
veracode
veracode
XML External Entity (XXE)
2019-03-25 08:40:41
cvelist
cvelist
CVE-2011-1502
2011-05-07 19:00:00
nvd
nvd
CVE-2011-1502
2011-05-07 19:55:00
prion
prion
Design/Logic Flaw
2011-05-07 19:55:00
nessus
nessus
Liferay Portal < 6.0.6 Multiple Vulnerabilities
2012-05-22 00:00:00
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
6.5
Confidence
Low
EPSS
0.002
Percentile
52.5%
Related for CVE-2011-1502