CVE-2011-1503

LOW

Description

The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.

References

http://issues.liferay.com/browse/LPS-13762

http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952

http://openwall.com/lists/oss-security/2011/03/29/1

http://openwall.com/lists/oss-security/2011/04/08/5

http://openwall.com/lists/oss-security/2011/04/11/9

Details

Source: MITRE

Published: 2011-05-07

Updated: 2011-05-31

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 3.5

Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 6.8

Severity: LOW