CST-7318 Database DoS in URL Redirections Management

Description

The redirect module in Liferay Portal 7.3.2 does not limit the number of URLs that result in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by making repeated requests for pages that do not exist.

Severity

Severity 1

Fixed Version(s)

Notes

CVE-2020-24554 has been assigned to this vulnerability.

Publication date: Mon, 31 Aug 2020 17:00:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.