Description

Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs.

Remediation

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33950

Related Vulnerabilities

CVE-2017-1000084 Vulnerability in maven package org.jenkins-ci.plugins:parameterized-trigger

CVE-2023-34465 Vulnerability in maven package org.xwiki.platform:xwiki-platform-security-authorization-bridge

CVE-2019-1003024 Vulnerability in maven package org.jenkins-ci.plugins:script-security

CVE-2018-1000136 Vulnerability in maven package org.webjars.npm:electron

CVE-2023-34149 Vulnerability in maven package org.apache.struts:struts2-core

Severity

High

Classification

CWE-1333 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Vendor Advisory