OSVDB ID: 86592

Title: Liferay Portal Crafted URL Parsing Arbitrary User Account Deletion

Info

Disclosure

Oct 23, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Oct 23, 2012

Description

Liferay Portal contains a flaw that is triggered when an error occurs during the parsing of a specially crafted URL. Due to improper access controls, an unauthorized user may be able to manipulate other accounts. This may allow a remote attacker to delete arbitrary user accounts.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

The vendor has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section. There are no known workarounds or upgrades to correct this issue.

Products

Liferay Inc.

Liferay Portal

6.1 CE GA2 (6.1.1)

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/86592