CVE-2011-1503 — LOW (3.5) — White Hats Nepal

Q: How severe is CVE-2011-1503?

CVE-2011-1503 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-1503?

Check the references section above for vendor advisories and patch information. Affected products include: Liferay Liferay Portal, Linux Linux Kernel, Microsoft Windows 7.

Vulnerability Description

The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.

CVSS Score

3.5

LOW

AV:N/AC:M/Au:S/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Liferay	Liferay Portal	>= 5.1.0, <= 5.1.2
Linux	Linux Kernel	-
Microsoft	Windows 7	-

Related Weaknesses (CWE)

CWE-200

References

http://issues.liferay.com/browse/LPS-13762Issue TrackingVendor Advisory
http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&pIssue TrackingRelease NotesVendor Advisory
http://openwall.com/lists/oss-security/2011/03/29/1Mailing ListThird Party Advisory
http://openwall.com/lists/oss-security/2011/04/08/5Mailing ListThird Party Advisory
http://openwall.com/lists/oss-security/2011/04/11/9Mailing ListThird Party Advisory
http://issues.liferay.com/browse/LPS-13762Issue TrackingVendor Advisory
http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&pIssue TrackingRelease NotesVendor Advisory
http://openwall.com/lists/oss-security/2011/03/29/1Mailing ListThird Party Advisory
http://openwall.com/lists/oss-security/2011/04/08/5Mailing ListThird Party Advisory
http://openwall.com/lists/oss-security/2011/04/11/9Mailing ListThird Party Advisory

FAQ

What is CVE-2011-1503?

CVE-2011-1503 is a vulnerability with a CVSS score of 3.5 (LOW). The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XS...

How severe is CVE-2011-1503?

CVE-2011-1503 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-1503?

Check the references section above for vendor advisories and patch information. Affected products include: Liferay Liferay Portal, Linux Linux Kernel, Microsoft Windows 7.