Description
Liferay Portal's TunnelServlet is vulnerable to deserialization attacks. By default the servlet is restricted to localhost only, but because of an incorrect configuration it is reachable by an attacker. Depending on the exact version of Liferay Portal, an attacker could exploit this vulnerability by sending specially crafted serialized data to execute arbitrary code on the system or to cause a denial of service.
Remediation
Restrict access to the vulnerable endpoint. The hosts permitted to reach the TunnelServlet are controlled by the tunnel.servlet.hosts.allowed property (normally overridden in portal-ext.properties); restore it to Liferay's shipped default of 127.0.0.1,SERVER_IP, or otherwise block the servlet path (/api/liferay/do) for external clients at the reverse proxy or firewall. Also upgrade to a Liferay Portal release that contains the fix for the deserialization issue, since the host restriction only limits who can reach the vulnerable code.
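As an added example that is not part of this advisory or of Liferay's own code, the following Python script audits a portal-ext.properties fragment for the setting that causes the exposure described above, showing the weak value beside the corrected one. It assumes Liferay's documented semantics for tunnel.servlet.hosts.allowed: a comma-separated host list, a shipped default of 127.0.0.1,SERVER_IP (SERVER_IP standing for the portal host's own address), a blank value meaning every host is allowed, and an absent property meaning the shipped default still applies. The property files embedded in it are constructed for the example.

```python
"""Audit a Liferay portal-ext.properties fragment for an exposed TunnelServlet.

Added example, not code from the advisory or from Liferay. Assumptions:
- tunnel.servlet.hosts.allowed is a comma-separated list of hosts,
- Liferay's shipped default is 127.0.0.1,SERVER_IP,
- a blank value allows every host, and an absent key means the shipped
  default applies (i.e. nobody edited portal.properties itself).
"""
import ipaddress
import re

PROPERTY = "tunnel.servlet.hosts.allowed"
DEFAULT_VALUE = "127.0.0.1,SERVER_IP"
# Entries that only admit the portal host itself.
LOCAL_ENTRIES = {"127.0.0.1", "::1", "localhost", "SERVER_IP"}

_KV = re.compile(r"([^=:\s]+)\s*[=:]?\s*(.*)")


def parse_properties(text):
    """Minimal java.util.Properties reader: '#' / '!' comments, '=' ':' or
    whitespace separators, backslash line continuations; a later key
    overrides an earlier one, as in Java."""
    props = {}
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\"):          # value continues on the next line
            pending = line[:-1]
            continue
        m = _KV.match(line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def _is_loopback(entry):
    """True for literal loopback addresses such as 127.0.0.1 or ::1."""
    try:
        return ipaddress.ip_address(entry).is_loopback
    except ValueError:
        return False


def audit_tunnel_hosts(props):
    """Return (severity, detail) for the TunnelServlet host restriction."""
    configured = PROPERTY in props
    value = props.get(PROPERTY, DEFAULT_VALUE)
    entries = [e.strip() for e in value.split(",") if e.strip()]
    if not entries:
        # Blank list: the servlet answers any client that can reach the port.
        return "HIGH", "blank value: TunnelServlet reachable from any host"
    remote = [e for e in entries
              if e not in LOCAL_ENTRIES and not _is_loopback(e)]
    if remote:
        return "MEDIUM", "non-local hosts may reach TunnelServlet: " + ", ".join(remote)
    origin = "configured" if configured else "default"
    return "OK", f"{origin} value limits TunnelServlet to " + ", ".join(entries)


# Constructed portal-ext.properties fragments (not from any real deployment).
WEAK_CONFIG = """
# Misconfiguration: a blank list opens the tunnel servlet to everyone
tunnel.servlet.hosts.allowed=
"""
LAX_CONFIG = """
# Continuation line; 203.0.113.5 is a documentation address standing in for a remote host
tunnel.servlet.hosts.allowed=127.0.0.1,SERVER_IP,\\
    203.0.113.5
"""
FIXED_CONFIG = """
# Hardened: back to the shipped default, loopback and the server's own address only
tunnel.servlet.hosts.allowed=127.0.0.1,SERVER_IP
"""

if __name__ == "__main__":
    for name, cfg in [("weak", WEAK_CONFIG), ("lax", LAX_CONFIG),
                      ("fixed", FIXED_CONFIG), ("unset", "")]:
        severity, detail = audit_tunnel_hosts(parse_properties(cfg))
        print(f"{name:6} {severity:6} {detail}")
```

To use it on a deployment, read the real portal-ext.properties into parse_properties and pass the result to audit_tunnel_hosts. Note that the same property can also be set directly in the portal.properties bundled with the portal, so the file-level audit complements rather than replaces the definitive check: requesting the servlet path from a host outside the allowed list and confirming it is refused.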
Related Vulnerabilities
WordPress Plugin PHP Everywhere Multiple Remote Code Execution Vulnerabilities (2.0.3)
Apache OFBiz SOAPService Deserialization RCE
WordPress Plugin Kanzu Support Desk-WordPress Helpdesk Remote Code Execution (2.4.6)
WordPress Plugin WP Maintenance Mode Remote Code Execution (2.0.6)
Ektron CMS unauthenticated code execution and Local File Read