CST-7065 DoS and MiM vulnerabilities in Apache Commons HttpClient

Description

The RSS portlet and FuseMail integration in Liferay Portal 7.0.2 and earlier uses a version of Apache Commons HttpClient which allows man-in-the-middle attackers to intercept and modify communication with the portal.

Severity

Severity 1

Fixed Version(s)

Publication date: Mon, 02 Mar 2020 07:21:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.