Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Liferay XMLRPC Blind SSRF - Vulnerability Database

Liferay XMLRPC Blind SSRF

Description

Liferay XMLRPC servlet allows remote attackers to interact with internal network resources via Blind Server Side Request Forgery (SSRF). Consult Web References for more information about this problem.

Remediation

Restrict access to the vulnerable endpoints.

References

SSRF VS. BUSINESS-CRITICAL APPLICATIONS
SSRF bible. Cheatsheet

Related Vulnerabilities

Apache Solr SSRF CVE-2017-3164 Medium
Common tags: Code Execution Acumonitor SSRF
Oracle Weblogic T3 XXE (CVE-2019-2888) High
Common tags: Acumonitor SSRF
Keycloak request_uri SSRF (CVE-2020-10770) Medium
Common tags: Acumonitor SSRF
Oracle E-Business Suite SSRF (CVE-2017-10246) High
Common tags: Acumonitor SSRF
Paperclip gem SSRF (Server side request forgery) High
Common tags: Acumonitor SSRF

Severity

Medium

Classification

CWE-918
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Code Execution
Acumonitor
SSRF