Detections
Analytics

Liferay Portal 6.1.x < 6.1 CE GA3 (6.1.2) Multiple Vulnerabilities

medium Nessus Plugin ID 73470

Language:

Synopsis

The remote web server contains a Java application that is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the version of Liferay Portal running on the remote host is 6.1.x or later but prior to 6.1.2. It is, therefore, potentially affected by multiple vulnerabilities.

 - A flaw exists where a guest user may view any journal structure or template if they know the specific ID of that element. (LPS-28550)

 - A flaw exists with the setupwizard where regardless of what is specified when an account is created, a [email protected] default account with a default password is made. This could allow a remote attacker to access the program or system and attempt to gain privileged access. (LPS-29061)

 - An unauthorized information disclosure flaw exists due to failing to restrict access to private announcements when parsing a crafted URL. This could allow a remote attacker with a specially crafted URL to gain access to potentially sensitive information. (LPS-29148)

 - A cross-site scripting flaw exists where input to the 'comments' field is not validated when requesting membership to a restricted site. This could allow a remote attacker with a specially crafted request to execute arbitrary code within the browser and server trust relationship. (LPS-29338)

 - A flaw exists when handling an organization's permission where an omni-admin is a member of an organization. This could allow the organization's administrator to rest the omni-admin's password. (LPS-30093)

 - A flaw exists with the document and media portlets where user's without permission can create folders and files in the root folder. The user can do this by creating the folder or file elsewhere and moving it into the root folder. (LPS-30437)

 - A flaw exists where users can be deleted from the portal. A remote attacker with a specially constructed URL can delete a user if they know that user's email address. (LPS-30586)

 - A flaw exists with the Knowledge Base portlet. A user with permission to delete an attachment could delete any file on the server, using a specially constructed URL.
 (LPS-30796)

Note that Nessus has relied only on the self-reported version number and has not actually tried to exploit these issues or determine if the associated patches have been applied.

Solution

Upgrade to Liferay Portal 6.1.2 or later, or apply the associated patches.

See Also

https://web.liferay.com/community/security-team/known-vulnerabilities

http://www.nessus.org/u?575d8fd9

http://www.nessus.org/u?f60fe3cd

http://www.nessus.org/u?b2c293cd

http://www.nessus.org/u?0298c4f3

http://www.nessus.org/u?60176e0d

http://www.nessus.org/u?fe26f6cc

http://www.nessus.org/u?2bb6cebc

http://www.nessus.org/u?5c288cd6

Plugin Details

Severity: Medium

ID: 73470

File Name: liferay_6_1_2.nasl

Version: 1.11

Type: remote

Family: CGI abuses

Published: 4/11/2014

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:liferay:portal

Required KB Items: Settings/ParanoidReport, www/liferay_portal

Exploit Ease: No known exploits are available

Patch Publication Date: 8/1/2013

Vulnerability Publication Date: 10/23/2012

Reference Information

BID: 56226, 56589

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990