Security Listings
Description
SessionClicks in Liferay Portal and Liferay DXP does not restrict the saving of request parameters in the HTTP session, which allows remote attackers to consume system memory leading to denial-of-service (DoS) conditions via crafted HTTP requests.
Severity
8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)
Affected Version(s)
- Liferay Portal 7.0.0 through 7.4.3.21
- Liferay DXP 7.4 GA through Update 9
- Liferay DXP 7.3 GA through Update 25
- Liferay DXP 7.2
- Liferay DXP 7.1
- Liferay DXP 7.0
- Liferay Portal 6.2 EE
Fixed Version(s)
- Liferay Portal 7.4.3.22
- Liferay DXP 7.4 Update 10
- Liferay DXP 7.3 Update 26
Publication Date:
October 7, 2024
Found a Bug?
If you have found, or think you have found a bug, help us to help you by letting us know!
Found a Security Vulnerability?
There's a different process available if you have a security issue to report...
Hall of Fame!
Raise your profile - report security vulnerabilities and enter the Hall of Fame!
Community
Company
Feedback