Liferay Portal 6.0.5 / 6.0.6 Arbitrary File Download
Medium Nessus Plugin ID 59231
SynopsisThe remote web server contains a Java application affected by an arbitrary file download vulnerability.
DescriptionAccording to its self-reported version number, the installation of Liferay Portal hosted on the remote web server is affected by an arbitrary file download vulnerability. A remote, authenticated attacker may be able to download arbitrary files using a specially crafted WebDAV request.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
SolutionUpgrade to Liferay Portal 6.1.0 or later.