Changes for page Application_Liferay

Last modified by Nicolas Gregoire on 2012/04/19 14:05
From version Icon 7.1 Icon
edited by Nicolas Gregoire
on 2012/01/13 14:05
Change comment: There is no comment for this version
To version Icon 4.1 Icon
edited by Nicolas Gregoire
on 2012/01/13 14:02
Change comment: Upload new image liferay-read-etc-passwd-via-xee.png

Summary

Details

Icon Page properties
Content
... ... @@ -14,12 +14,12 @@
14 14  
15 15  == Additional vulnerabilities ==
16 16  
17 +
18 +
19 +
20 +
17 17  Two others vulnerabilities were identified in the "XSL Content" portlet :
18 18  
19 19  * CVE-2011-1503 : allows to read XML files via a file:~/~/ URL
20 20  
21 21  * CVE-2011-1502 : allows to read UTF-8 files and to list directories via a XEE (XML External Entity) attack
22 -
23 -Reading /etc/passwd using CVE-2011-1502 :
24 -
25 -[[image:liferay-read-etc-passwd-via-xee.png||style="display: block; margin-left: auto; margin-right: auto"]]
Icon liferay-execute-commands-with-stdout.png
Author
... ... @@ -1,1 +1,0 @@
1 -xwiki:XWiki.NicolasGregoire
Size
... ... @@ -1,1 +1,0 @@
1 -77.9 KB
Content Icon