Multiple vulnerabilities in Liferay Enterprise Portal



Published: 2018-04-26
Risk Low
Patch available YES
Number of vulnerabilities 9
CVE-ID CVE-2017-9801
CWE-ID CWE-79
CWE-264
CWE-200
CWE-400
CWE-601
CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Liferay Enterprise Portal
Web applications / CMS

Vendor Liferay

Security Bulletin

This security bulletin contains information about 9 vulnerabilities.

1) Cross-site scripting

EUVDB-ID: #VU12189

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The weakness exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Update to version 7.0 CE GA6 (7.0.5) or later.

Vulnerable software versions

Liferay Enterprise Portal: 7.0 CE GA5

External links

http://dev.liferay.com/web/community-security-team/known-vulnerabilities/-/asset_publisher/4AHAYapU...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Security restrictions bypass

EUVDB-ID: #VU12192

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system

The weakness exists due to multiple permission issues. A remote attacker can bypass security restrictions and perform actions on resources which they are not authorized to perform.

Mitigation

Update to version 7.0 CE GA6 (7.0.5) or later.

Vulnerable software versions

Liferay Enterprise Portal: 7.0 CE GA5

External links

http://dev.liferay.com/web/community-security-team/known-vulnerabilities/-/asset_publisher/4AHAYapU...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

EUVDB-ID: #VU12194

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system

The weakness exists due to password exposure in System Settings. A remote attacker can view passwords in the System Settings section of the Control Panel.

Mitigation

Update to version 7.0 CE GA6 (7.0.5) or later.

Vulnerable software versions

Liferay Enterprise Portal: 7.0 CE GA5

External links

http://dev.liferay.com/web/community-security-team/known-vulnerabilities/-/asset_publisher/4AHAYapU...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Disk consumption

EUVDB-ID: #VU12203

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system

The weakness exists due to an error when using Xuggler. A remote attacker can create a large number of temporary files during video playback when Xuggler is enabled for video conversion, trigger disk consumption and cause the service to crash.

Mitigation

Update to version 7.0 CE GA6 (7.0.5) or later.

Vulnerable software versions

Liferay Enterprise Portal: 7.0 CE GA5

External links

http://dev.liferay.com/web/community-security-team/known-vulnerabilities/-/asset_publisher/4AHAYapU...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Privilege escalation

EUVDB-ID: #VU12204

Risk: Low

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to unauthorized access to system portlets/applications. A remote attacker can modify system settings to gain administration privileges.

Mitigation

Update to version 7.0 CE GA6 (7.0.5) or later.

Vulnerable software versions

Liferay Enterprise Portal: 7.0 CE GA5

External links

http://dev.liferay.com/web/community-security-team/known-vulnerabilities/-/asset_publisher/4AHAYapU...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Open redirect

EUVDB-ID: #VU12206

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to redirect the target user to external websites.

The weakness exists due to open redirect in Asset Publisher. A remote attacker can use a specially crafted image link, trick the victim into opening it and redirect users to malicious website.

Mitigation

Update to version 7.0 CE GA6 (7.0.5) or later.

Vulnerable software versions

Liferay Enterprise Portal: 7.0 CE GA5

External links

http://dev.liferay.com/web/community-security-team/known-vulnerabilities/-/asset_publisher/4AHAYapU...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Information disclosure

EUVDB-ID: #VU12208

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system

The weakness exists due to insufficient input validation. A local attacker can submit specially crafted URL and access all files within the application's WAR folder.

Mitigation

Update to version 7.0 CE GA6 (7.0.5) or later.

Vulnerable software versions

Liferay Enterprise Portal: 7.0 CE GA5

External links

http://dev.liferay.com/web/community-security-team/known-vulnerabilities/-/asset_publisher/4AHAYapU...


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Spoofing attack

EUVDB-ID: #VU12210

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The weakness exists due to insufficient input validation. A remote attacker can use URL manipulation in applications that support tags to spoof content and mislead users.

Mitigation

Update to version 7.0 CE GA6 (7.0.5) or later.

Vulnerable software versions

Liferay Enterprise Portal: 7.0 CE GA5

External links

http://dev.liferay.com/web/community-security-team/known-vulnerabilities/-/asset_publisher/4AHAYapU...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper input validation

EUVDB-ID: #VU7654

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-9801

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to inject arbitrary files.

The weakness exists due to improper input validation flaw in the setSubject() method. A remote attacker can supply a specially crafted value containing line break characters, inject SMTP headers and perform further attack.

Mitigation

Update to version 7.0 CE GA6 (7.0.5) or later.

Vulnerable software versions

Liferay Enterprise Portal: 7.0 CE GA5

External links

http://dev.liferay.com/web/community-security-team/known-vulnerabilities/-/asset_publisher/4AHAYapUm8Xc/content/cst-7045-smtp-header-injection-vulnerability-via-commons-email?inheritRedirect=false&redirect=https%3A%2F%2Fdev.liferay.com%2Fweb%2Fcommunity-security-team%2Fknown-vulnerabilities%3Fp_p_id%3D101_INSTANCE_4AHAYapUm8Xc%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_p_col_id%3Dcolumn-1%26p_p_col_pos%3D1%26p_p_col_count%3D4


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###