Liferay JSON Request Control Takeover

Dieses Thema: "Liferay JSON Request Control Takeover" im Forum "Security News" wurde erstellt von newsbot, 21.04.2012.

  1. #1 newsbot, 21.04.2012
    newsbot

    newsbot Foren Gott

    Dabei seit:
    26.11.2007
    Beiträge:
    9.905
    Zustimmungen:
    0
    Liferay Portal suffers from a takeover vulnerability due to a single HTTP request allowing an attacker to reconfigure which memcached to use. Proof of concept code included. Version 6.1 ce is confirmed vulnerable.

    Weiterlesen...
     
  2. Anzeige

    Schau dir mal diesen Ratgeber an. Viele Antworten inkl. passender Shell-Befehle!
    Registrieren bzw. einloggen, um diese und auch andere Anzeigen zu deaktivieren
Thema:

Liferay JSON Request Control Takeover

Die Seite wird geladen...

Liferay JSON Request Control Takeover - Ähnliche Themen

  1. Liferay 6.1 No Account Access Bypass

    Liferay 6.1 No Account Access Bypass: Liferay version 6.1 suffers from a circumvention issue when restricting access to ip blocks. Proof of concept exploit included. Weiterlesen...
  2. Liferay 6.1 Name / Email Address Disclosure

    Liferay 6.1 Name / Email Address Disclosure: Liferay version 6.1 suffers from a vulnerability where it is possible to retrieve the names and email addresses of all users. Proof of concept...
  3. Liferay 6.1 Cross Site Request Forgery

    Liferay 6.1 Cross Site Request Forgery: Liferay version 6.1 is vulnerable to JSON-related cross site request forgery attacks. Proof of concept code is included. Weiterlesen...
  4. Liferay 6.1 Default Configuration Compromise

    Liferay 6.1 Default Configuration Compromise: By utilizing the json webservices exposed in Liferay Portal version 6.1 you can register a new user with any role in the system, including the...
  5. Liferay 6.0.5 ce WebDAV File Reading

    Liferay 6.0.5 ce WebDAV File Reading: By creating a specially crafted webdav request that contains an external entity it is possible to read files from Liferay Portal version 6.0.5 ce....