CVE-2011-1571

Liferay Portal CE <6.0.6 - RCE

Title source: llm

Description

Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.

Exploits (2)

nomisec WORKING POC 1 stars

by noobpk · poc

https://github.com/noobpk/CVE-2011-1571

View Code ZIP pw:eip

exploitdb WORKING POC

by Spencer McIntyre · rubywebappsmultiple

https://www.exploit-db.com/exploits/18715

View Code ZIP pw:eip

References (5)

[Issue Tracking, Vendor Advisory] http://issues.liferay.com/browse/LPS-14726

[Release Notes, Vendor Advisory] http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952

[Mailing List, Third Party Advisory] http://openwall.com/lists/oss-security/2011/03/29/1

[Mailing List, Third Party Advisory] http://openwall.com/lists/oss-security/2011/04/08/5

[Mailing List, Third Party Advisory] http://openwall.com/lists/oss-security/2011/04/11/9

Scores

EPSS 0.0740

EPSS Percentile 91.6%

Classification

Status draft

Affected Products (2)

liferay/liferay_portal < 5.1.2

com.liferay.portal/portal-service < 6.0.6-gaMaven

Timeline

Published May 07, 2011

Tracked Since Feb 18, 2026