CVE-2011-1571

Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://openwall.com/lists/oss-security/2011/04/08/5	Mailing List Third Party Advisory
http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952	Release Notes Vendor Advisory
http://openwall.com/lists/oss-security/2011/03/29/1	Mailing List Third Party Advisory
http://issues.liferay.com/browse/LPS-14726	Issue Tracking Vendor Advisory
http://openwall.com/lists/oss-security/2011/04/11/9	Mailing List Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:liferay:liferay_portal:::::community:::*
	cpe:2.3:a:liferay:liferay_portal:::::community:::*

Information

Published : 2011-05-07 12:55

Updated : 2020-07-23 11:27

NVD link : CVE-2011-1571

Mitre link : CVE-2011-1571

JSON object : View

CWE

NVD-CWE-noinfo

Advertisement

Products Affected

liferay

liferay_portal

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://openwall.com/lists/oss-security/2011/04/08/5", "name": "[oss-security] 20110408 Re: CVE requests : Liferay 6.0.6", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952", "name": "http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://openwall.com/lists/oss-security/2011/03/29/1", "name": "[oss-security] 20110329 CVE requests : Liferay 6.0.6", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "http://issues.liferay.com/browse/LPS-14726", "name": "http://issues.liferay.com/browse/LPS-14726", "tags": ["Issue Tracking", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://openwall.com/lists/oss-security/2011/04/11/9", "name": "[oss-security] 20110411 Re: CVE requests : Liferay 6.0.6", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-1571", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2011-05-07T19:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.1.2", "versionStartIncluding": "5.1.0"}, {"cpe23Uri": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.0.5", "versionStartIncluding": "6.0.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-07-23T18:27Z"}