Vulnerability Details CVE-2011-1571
Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.074
EPSS Ranking 91.3%
CVSS Severity
CVSS v2 Score 6.8
References
- http://issues.liferay.com/browse/LPS-14726
- http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952
- http://openwall.com/lists/oss-security/2011/03/29/1
- http://openwall.com/lists/oss-security/2011/04/08/5
- http://openwall.com/lists/oss-security/2011/04/11/9
- http://issues.liferay.com/browse/LPS-14726
- http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952
- http://openwall.com/lists/oss-security/2011/03/29/1
- http://openwall.com/lists/oss-security/2011/04/08/5
- http://openwall.com/lists/oss-security/2011/04/11/9
Products affected by CVE-2011-1571
-
cpe:2.3:a:liferay:liferay_portal:*
-
cpe:2.3:a:liferay:liferay_portal:6.0.0
-
cpe:2.3:a:liferay:liferay_portal:6.0.5