Description

Liferay TunnelServlet is vulnerable to deserialization attacks and, due to incorrect configuration, is accessible to an attacker (by default, it is restricted to localhost only). Depending on exact version of Liferay Portal, an attacker could exploit this vulnerability using specially-crafted serialized data to execute arbitrary code on the system or to perform denial of service attack.

Remediation

Restrict access to the vulnerable endpoints.

References

TRA-2017-01

LPE-15538

Related Vulnerabilities

Unauthenticated Remote Code Execution via JSONWS in Liferay 7.2.0 CE GA1

Code Evaluation (Apache Struts) S2-045

WordPress Plugin iThemes Exchange:Simple WP Ecommerce Remote Code Execution (1.14.0)

Drupal Core 9.0.x Remote Code Execution (9.0.0 - 9.0.8)

Microsoft IIS 6.0 WebDAV Buffer Overflow

Severity

High

Classification

CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution Denial Of Service Acumonitor Insecure Deserialization