Lucene search
HistoryOct 03, 2022 - 4:15 p.m.
CVE-2011-1503
cve-2011-1503
liferay portal
xsl content portlet
ce
apache tomcat
oracle glassfish
file:/// url
security vulnerability
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
6.2 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
51.8%
The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
Affected configurations
Node
liferayliferay_portalRange5.1.0–5.1.2community
ORliferayliferay_portalRange5.2.0–5.2.3community
ORliferayliferay_portalRange6.0.0–6.0.5community
linuxlinux_kernelMatch-
ORmicrosoftwindows_7Match-
Related
nvd
nvd
CVE-2011-1503
2011-05-07 19:55:00
cvelist
cvelist
CVE-2011-1503
2022-10-03 16:15:10
veracode
veracode
Directory Traversal
2019-03-25 08:40:40
prion
prion
Design/Logic Flaw
2011-05-07 19:55:00
nessus
nessus
Liferay Portal < 6.0.6 Multiple Vulnerabilities
2012-05-22 00:00:00
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
6.2 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
51.8%
Related for CVE-2011-1503