Description

The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by making repeated requests for pages that do not exist.

Remediation

References

CVE-2020-24554

Related Vulnerabilities

WordPress Plugin Allow REL= and HTML in Author Bios Cross-Site Scripting (.1)

WordPress Plugin BulletProof Security Cross-Site Scripting (.50.9)

Contao Deserialization of Untrusted Data Vulnerability (CVE-2014-1860)

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-19213)

WordPress Plugin Chained Quiz Cross-Site Scripting (1.1.8.1)

Severity

High

Classification

CVE-2020-24554 CWE-601

Tags

Missing Update Known Vulnerabilities