{"type": "saint", "published": "2014-12-31T00:00:00", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/liferay_portal_apache_felix", "bulletinFamily": "exploit", "id": "SAINT:6903627E03B3C23538C396C32D835A53", "cvss": {"vector": "NONE", "score": 0.0}, "enchantments": {"score": {"value": 1.2, "vector": "NONE", "modified": "2016-12-14T16:58:04", "rev": 2}, "dependencies": {"references": [], "modified": "2016-12-14T16:58:04", "rev": 2}, "vulnersScore": 1.2}, "edition": 1, "viewCount": 10, "cvelist": [], "references": [], "lastseen": "2016-12-14T16:58:04", "reporter": "SAINT Corporation", "modified": "2014-12-31T00:00:00", "title": "Liferay Portal Apache Felix command injection", "description": "Added: 12/31/2014 \nOSVDB: [116510](<http://www.osvdb.org/116510>) \n\n\n### Background\n\n[Liferay Portal](<https://www.liferay.com/products/liferay-portal/overview>) is an enterprise web platform for building business solutions. [Apache Felix](<http://felix.apache.org/>) is an implementation of the [OSGi Framework and Service platform](<http://www.osgi.org/Specifications/HomePage>). \n\n### Problem\n\nLiferay Portal is affected by a vulnerability which could allow remote attackers to execute arbitrary commands due to exposure of Apache Felix. \n\n### Resolution\n\nUpgrade to Liferay Portal 7.0.3. \n\n### References\n\n<http://www.exploit-db.com/exploits/35652/> \n\n\n### Limitations\n\nExploit works on Windows 7. \n\n### Platforms\n\nWindows \n \n\n"}

{}