Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Liferay Portal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2011-1503 - Vulnerability Database
Liferay Portal

Liferay Portal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2011-1503

Low
Reference: CVE-2011-1503
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2011-1503
Title: Liferay Portal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA when Apache Tomcat or Oracle GlassFish is used allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.