CVE-2011-1502

Liferay Portal 6.0.0-6.0.5 - Authenticated XML External Entity Injection

Description

Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.

References (4)

Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
http://issues.liferay.com/browse/LPS-14927
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/04/08/5
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/04/11/9
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/29/1

Scores

EPSS 0.0051
EPSS Percentile 66.8%

Details

CWE CWE-200
Status published
Products (1)
liferay/liferay_portal 6.0.0 - 6.0.5
Published May 07, 2011
Tracked Since Feb 18, 2026