Description
The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by making repeated requests for pages that do not exist.
Remediation
References
https://portal.liferay.dev/learn/security/known-vulnerabilities
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784956
Related Vulnerabilities
CVE-2016-10365 Vulnerability in npm package kibana
CVE-2012-5887 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2023-33940 Vulnerability in maven package com.liferay:com.liferay.client.extension.type.impl
CVE-2019-12421 Vulnerability in maven package org.apache.nifi:nifi-framework
CVE-2023-37952 Vulnerability in maven package com.mabl.integration.jenkins:mabl-integration