CST-7018 RCE via TunnelServlet

Description

TunnelServlet allows remote code execution by unauthenticated users.

Severity

Severity 1

Fixed Version(s)

Acknowledgments

This issue was reported by Jacob Baines

Publication date: Mon, 26 Jun 2017 09:00:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.