Liferay Portal < 6.0.6 Multiple Vulnerabilities

NASLDB: Liferay Portal < 6.0.6 Multiple Vulnerabilities

General

ID: 59230
Name: Liferay Portal < 6.0.6 Multiple Vulnerabilities

Summary: Checks the version of Liferay Portal

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Port: 80
Family: CGI abuses
Type: Remote

Description

According to its self-reported version number, the installation of
Liferay Portal hosted on the remote web server is affected by multiple
vulnerabilities :

– An arbitrary file download vulnerability exists when
Apache Tomcat is used, which may allow remote,
authenticated users to download arbitrary files via an
entity declaration in conjunction with an entity
reference, related to an XML External Entity (aka XXE)
issue. (CVE-2011-1502)

– An arbitrary file download vulnerability exists when
Apache Tomcat or Oracle GlassFish is used. The XSL
Content portlet may allow remote, authenticated users to
read arbitrary XSL / XML files via a file:/// URL.
(CVE-2011-1503)

– A cross-site scripting vulnerability exists, which may
allow remote, authenticated users to inject arbitrary
JavaScript or HTML via a blog title. (CVE-2011-1504)

– A cross-site scripting vulnerability exists when Apache
Tomcat is used, which may allow remote, authenticated
users to inject arbitrary JavaScript or HTML via a
message title. (CVE-2011-1570)

– An unspecified vulnerability exists when Apache Tomcat
is used. The XSL Content portlet may allow remote
attackers to execute arbitrary commands via unknown
vectors. (CVE-2011-1571)

Note that Nessus has not tested for the issues, but instead has relied
only on the application’s self-reported version number.