Getting Redirected to Login portlet when accessing /image

RE: Getting Redirected to Login portlet when accessing /image

2021-03-12T11:12:01Z

If it's an EE version, you can open a support ticket ask whether a security fix is avaliable for your problem.

RE: RE: Getting Redirected to Login portlet when accessing /image

2021-03-12T18:07:26Z

Thanks Manish, this is what we did to get the work done.

RE: Getting Redirected to Login portlet when accessing /image

2021-03-12T18:07:26Z

Thanks for the help, this is what we did and got it blocked from web server.

RE: Getting Redirected to Login portlet when accessing /image

2021-03-12T07:12:41Z

You may restrict url at web server level. (httpd.conf )

Getting Redirected to Login portlet when accessing /image

2021-02-01T10:57:54Z

Hi,

We recently received a Vulnerability that is as below (Liferay 6.2 EE)

When we manupulate custom login portlet URL. https://www.mycustomlogin/login to https://www.mycustomlogin/image I get redirected to the Liferay Login portlet which exposes the full URL (https://www.mycustomlogin/inicio?p_p_state=maximized&p_p_mode=view&saveLastPath=false&_58_struts_action=%2Flogin%2Flogin&p_p_id=58&p_p_lifecycle=0&_58_redirect=%2Fimage)

and after this URL can be modified to get access to search portlet(p_p_id=3). can you help us with the way to change this behavious as we do not want to expose our control panel login and search portlet.

I am new to liferay but i tried introducing a custom filter but it looks request is getting intercepted before request is received by my filter.

Thanks in Advance.