← Back

CVE-2011-1503

nvd nist
Published: May 7, 2011Modified: Apr 29, 2026

JSON object

Loading...
3.5
Vector
AV:N/AC:M/Au:S/C:P/I:N/A:N
Exploitability: 6.8 / Impact: 2.9
Source: NVD

Description

The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.

Affected (3)

Liferay
1 product
Liferay Portal
Configuration A
3 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Liferay
Liferay Portal
From 5.1.0 to 5.1.2
Liferay Portal
From 5.2.0 to 5.2.3
Liferay Portal
From 6.0.0 to 6.0.5
Running on/withPlatform Versions
Linux
Linux Kernel
All versions
Microsoft
Windows 7
All versions

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

Source: secalert@redhat.com
Issue TrackingVendor Advisory
Source: secalert@redhat.com
Issue TrackingRelease NotesVendor Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingRelease NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory

Timeline

No history available yet.