CVE-2020-24554
HIGHLiferay Portal < 7.3.3 - Denial of Service via Redirect Module
Title source: llmDescription
The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by making repeated requests for pages that do not exist.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://portal.liferay.dev/learn/security/known-vulnerabilities
Vendor Advisory x_refsource_confirm
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784956
Scores
CVSS v3
7.5
EPSS
0.0064
EPSS Percentile
70.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-601
Status
published
Products (2)
com.liferay.portal/release.portal.bom
0 - 7.3.3Maven
liferay/liferay_portal
< 7.3.3
Published
Sep 01, 2020
Tracked Since
Feb 18, 2026