CST-7317 DoS vulnerability with multipart/form-data requests

Description

Liferay Portal before 7.3.3 does not restrict the size of ‘multipart/form-data’ encoded form post, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files(s).

Severity

Severity 1

Fixed Version(s)

Notes

CVE-2020-15839 has been assigned to this vulnerability.

Publication date: Mon, 31 Aug 2020 17:00:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.