Description

Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs.

Remediation

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33950

Related Vulnerabilities

CVE-2023-34467 Vulnerability in maven package org.xwiki.platform:xwiki-platform-livetable-ui

CVE-2021-21689 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2013-6447 Vulnerability in maven package org.jboss.seam:jboss-seam

CVE-2022-41678 Vulnerability in maven package org.apache.activemq:apache-activemq

CVE-2016-0791 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

High

Classification

CWE-1333 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Vendor Advisory