Main Vulnerability Database Vulnerabilities #VU12203

#VU12203 Disk consumption in Liferay Enterprise Portal

Published: April 26, 2018

Vulnerability identifier: #VU12203

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-400

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Liferay Enterprise Portal

Software vendor:
Liferay

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system

The weakness exists due to an error when using Xuggler. A remote attacker can create a large number of temporary files during video playback when Xuggler is enabled for video conversion, trigger disk consumption and cause the service to crash.

Remediation

Update to version 7.0 CE GA6 (7.0.5) or later.

External links

https://dev.liferay.com/web/community-security-team/known-vulnerabilities/-/asset_publisher/4AHAYapU...

#VU12203 Disk consumption in Liferay Enterprise Portal

Description

Remediation

External links

Please verify you're human