Liferay: >> Liferay Portal >> 7.3.2 Security Vulnerabilities
Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files.
CVSS Score
6.5
EPSS Score
0.011
Published
2020-09-22
The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by making repeated requests for pages that do not exist.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-09-01
Page 9