Arbitrary File Read Vulnerability in Liferay Portal Community Edition

Arbitrary File Read Vulnerability in Liferay Portal Community Edition

CVE-2011-1503 · LOW Severity

AV:N/AC:M/AU:S/C:P/I:N/A:N

The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.

Learn more about our Cis Benchmark Audit For Apache Http Server.