Liferay Portal Apache Felix command injection

2014-12-31T00:00:00
ID SAINT:6903627E03B3C23538C396C32D835A53
Type saint
Reporter SAINT Corporation
Modified 2014-12-31T00:00:00

Description

Added: 12/31/2014
OSVDB: 116510

Background

Liferay Portal is an enterprise web platform for building business solutions. Apache Felix is an implementation of the OSGi Framework and Service platform.

Problem

Liferay Portal is affected by a vulnerability that could allow remote attackers to execute arbitrary commands because Apache Felix is exposed.

Resolution

Upgrade to Liferay Portal 7.0.3.

References

<http://www.exploit-db.com/exploits/35652/>

Limitations

Exploit works on Windows 7.

Platforms

Windows