Veracode Vulnerability DatabaseVERACODE:27196Denial Of Service (DoS)
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
com.liferay.portal.vulcan.impl is vulnerable to denial of service (DoS). The vulnerability exists as it does not place any file size restrictions when handling Multipart/form-data requests.
| CPE | Name | Operator | Version |
|---|---|---|---|
| com.liferay.portal.vulcan.impl | le | 3.0.66 | |
| com.liferay.portal.vulcan.impl | le | 2.0.50 |
References
github.com/community-security-team/liferay-portal/compare/7.1.3-ga4...7.1.3-cumulative.patch
github.com/community-security-team/liferay-portal/compare/7.2.1-ga2...7.2.1-cumulative.patch
github.com/liferay/liferay-portal/commit/5382b19bf7998f1c68c35bfea73b16932e7a86d1
issues.liferay.com/browse/LPE-17029
issues.liferay.com/browse/LPE-17055
portal.liferay.dev/learn/security/known-vulnerabilities
portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784928
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P