CST-7140 DoS vulnerability via unresponsive DNS servers

Description

The open redirect protection component in Liferay Portal 7.1 CE GA4, and possibly earlier unsupported versions, is vulnerable to denial of service (DoS) attacks via requests to domains whose DNS server is unresponsive.

Severity

Severity 2

Fixed Version(s)

Publication date: Tue, 25 Jun 2019 22:36:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.