Description

Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files.

Remediation

References

CVE-2020-15839

Related Vulnerabilities

WordPress Plugin Advanced Ads-Ad Manager & AdSense Unspecified Vulnerability (1.7.1.1)

MySQL CVE-2019-2495 Vulnerability (CVE-2019-2495)

PostgreSQL Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2014-0062)

WordPress Plugin Sunshine Photo Cart Cross-Site Request Forgery (2.8.28)

WordPress Plugin Team Members Cross-Site Scripting (5.1.0)

Severity

Medium

Classification

CVE-2020-15839 CWE-434

Tags

Missing Update Known Vulnerabilities