Vulnerability Description
Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Liferay | Liferay Portal | >= 5.1.0, <= 5.1.2 |
References
- http://issues.liferay.com/browse/LPS-14726Issue TrackingVendor Advisory
- http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&pRelease NotesVendor Advisory
- http://openwall.com/lists/oss-security/2011/03/29/1Mailing ListThird Party Advisory
- http://openwall.com/lists/oss-security/2011/04/08/5Mailing ListThird Party Advisory
- http://openwall.com/lists/oss-security/2011/04/11/9Mailing ListThird Party Advisory
- http://issues.liferay.com/browse/LPS-14726Issue TrackingVendor Advisory
- http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&pRelease NotesVendor Advisory
- http://openwall.com/lists/oss-security/2011/03/29/1Mailing ListThird Party Advisory
- http://openwall.com/lists/oss-security/2011/04/08/5Mailing ListThird Party Advisory
- http://openwall.com/lists/oss-security/2011/04/11/9Mailing ListThird Party Advisory
FAQ
What is CVE-2011-1571?
CVE-2011-1571 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary comm...
How severe is CVE-2011-1571?
CVE-2011-1571 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1571?
Check the references section above for vendor advisories and patch information. Affected products include: Liferay Liferay Portal.