Liferay Portal suffers from a takeover vulnerability due to a single HTTP request allowing an attacker to reconfigure which memcached to use. Proof of concept code included. Version 6.1 ce is confirmed vulnerable.

Weiterlesen... (http://packetstormsecurity.org/files/112037/liferayjson-takeover.tgz)