Main Vulnerability Database Vulnerabilities #VU12203

Disk consumption in Liferay Enterprise Portal - #VU12203

Published: April 26, 2018

Vulnerability identifier: #VU12203

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-400

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Liferay

Affected software:
Liferay Enterprise Portal

Detailed vulnerability description

The vulnerability allows a remote attacker to cause DoS condition on the target system

The weakness exists due to an error when using Xuggler. A remote attacker can create a large number of temporary files during video playback when Xuggler is enabled for video conversion, trigger disk consumption and cause the service to crash.

Remediation

Update to version 7.0 CE GA6 (7.0.5) or later.

Sources

https://dev.liferay.com/web/community-security-team/known-vulnerabilities/-/asset_publisher/4AHAYapU...

Disk consumption in Liferay Enterprise Portal - #VU12203

Detailed vulnerability description

Remediation

Sources

Please verify you're human