Liferay Portal < 6.0.6 Multiple Vulnerabilities

High Nessus Plugin ID 59230

Synopsis

The remote web server contains a Java application that is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the installation of Liferay Portal hosted on the remote web server is affected by multiple vulnerabilities :

- An arbitrary file download vulnerability exists when Apache Tomcat is used, which allows remote, authenticated users to download arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue. (CVE-2011-1502)

- An arbitrary file download vulnerability exists when Apache Tomcat or Oracle GlassFish is used. The XSL Content portlet allows remote, authenticated users to read arbitrary XSL / XML files via a file:/// URL.
(CVE-2011-1503)

- A cross-site scripting vulnerability exists, which allows remote, authenticated users to inject arbitrary JavaScript or HTML via a blog title. (CVE-2011-1504)

- A cross-site scripting vulnerability exists when Apache Tomcat is used, which allows remote, authenticated users to inject arbitrary JavaScript or HTML via a message title. (CVE-2011-1570)

- An unspecified vulnerability exists when Apache Tomcat is used. The XSL Content portlet allows remote attackers to execute arbitrary commands via unknown vectors.
(CVE-2011-1571)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Liferay Portal 6.0.6 or later.

See Also

https://www.openwall.com/lists/oss-security/2011/03/29/1

http://www.nessus.org/u?7bdf9956

https://issues.liferay.com/browse/LPS-11506

https://issues.liferay.com/browse/LPS-12628

https://issues.liferay.com/browse/LPS-13250

https://issues.liferay.com/browse/LPS-14726

https://issues.liferay.com/browse/LPS-14927

http://xhe.myxwiki.org/xwiki/bin/view/XSLT/Application_Liferay

Plugin Details

Severity: High

ID: 59230

File Name: liferay_6_0_6.nasl

Version: 1.10

Type: remote

Family: CGI abuses

Published: 2012/05/22

Modified: 2018/11/15

Dependencies: 59228

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:liferay:portal

Required KB Items: www/liferay_portal

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/03/29

Vulnerability Publication Date: 2011/03/29

Reference Information

CVE: CVE-2011-1502, CVE-2011-1503, CVE-2011-1504, CVE-2011-1570, CVE-2011-1571

BID: 47082, 73497

EDB-ID: 18715

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990