Changes for page Application_Liferay

Last modified by Nicolas Gregoire on 2012/04/19 14:05

From 1.2 to 1.1 From 9.1 to 8.1

From version

8.1

edited by Nicolas Gregoire
on 2012/01/13 14:05

Change comment: There is no comment for this version

To version

1.2

edited by Nicolas Gregoire
on 2012/01/13 13:53

Change comment: There is no comment for this version

Raw
Rendered

Summary

Page properties (1 modified, 0 added, 0 removed)
Attachments (0 modified, 0 added, 2 removed)
- liferay-execute-commands-with-stdout.png
- liferay-read-etc-passwd-via-xee.png

Details

Page properties

Content

@@ -6,23 +6,14 @@
++LIferay includes numerous portlets. The "XSL Content" portlet displays the result of the XSL transformation of a XML document. The XSLT engine used by default is [[Xalan-J>>Engine_Saxon]] (but this can probably modified easily using [[JAXP>>http://en.wikipedia.org/wiki/Java_API_for_XML_Processing||rel="__blank"]]). As Xalan-J allows by default to execute Java code from the stylesheet, that's an easy to exploit vulnerability. Any logged-in user can execute arbitrary Java code in the context of the Web Application server (usually Tomcat) : [[CVE-2011-1571>>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1571||rel="__blank"]].
--== Java code execution ==
--LIferay includes numerous portlets. The "XSL Content" portlet displays the result of the XSL transformation of a XML document. The XSLT engine used by default is [[Xalan-J>>Engine_Saxon]] (but this can probably modified easily using [[JAXP>>http://en.wikipedia.org/wiki/Java_API_for_XML_Processing||rel="__blank"]]). As Xalan-J allows by default to execute Java code from the stylesheet, that's an easy to exploit vulnerability. Any logged-in user can execute arbitrary Java code in the context of the Web Application server (usually Tomcat) : [[CVE-2011-1571>>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1571||rel="__blank"]].
--== Additional vulnerabilities ==
--Two others vulnerabilities were identified in the "XSL Content" portlet :
++__Note :__ Two others vulnerabilities were identified in the "XSL Content" portlet :
  * CVE-2011-1503 : allows to read XML files via a file:~/~/ URL
  * CVE-2011-1502 : allows to read UTF-8 files and to list directories via a XEE (XML External Entity) attack
--
--
--
--
--Reading /etc/passwd using CVE-2011-1502 :
--
--[[image:liferay-read-etc-passwd-via-xee.png||style="display: block; margin-left: auto; margin-right: auto"]]

liferay-execute-commands-with-stdout.png

Author

...	...	@@ -1,1 +1,0 @@
1		-xwiki:XWiki.NicolasGregoire

Size

...	...	@@ -1,1 +1,0 @@
1		-77.9 KB

Content

liferay-read-etc-passwd-via-xee.png

Author

...	...	@@ -1,1 +1,0 @@
1		-xwiki:XWiki.NicolasGregoire

Size

...	...	@@ -1,1 +1,0 @@
1		-64.6 KB

Content

Changes for page Application_Liferay

Summary

Details

Welcome

Recently Modified

Changes for page Application_Liferay

Summary

Details

Welcome

Recently Modified

Tag Cloud