PT-2020-14662 · Liferay · Liferay Portal+1

Published: 2020-09-22 · Updated: 2024-01-31 · CVE-2020-15839

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Liferay Portal versions prior to 7.3.3
Liferay DXP 7.1 versions prior to fix pack 18
Liferay DXP 7.2 versions prior to fix pack 6

Description

The issue allows remote authenticated users to conduct denial-of-service attacks by uploading large files due to a lack of restriction on the size of a multipart/form-data POST action.

Recommendations

For Liferay Portal versions prior to 7.3.3, update to version 7.3.3 or later.
For Liferay DXP 7.1 versions prior to fix pack 18, apply fix pack 18 or later.
For Liferay DXP 7.2 versions prior to fix pack 6, apply fix pack 6 or later.

Fix

DoS

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BIT-LIFERAY-2020-15839
CVE-2020-15839
GHSA-C7F6-4VX5-4263

Affected Products

Liferay DXP
Liferay Portal