Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Liferay Portal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2011-1502 - Vulnerability Database
Liferay Portal

Liferay Portal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2011-1502

Medium
Reference: CVE-2011-1502
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2011-1502
Title: Liferay Portal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA when Apache Tomcat is used allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference related to an XML External Entity (aka XXE) issue.