Arbitrary File Read Vulnerability in Liferay Portal Community Edition
CVE-2011-1503 · LOW Severity
AV:N/AC:M/AU:S/C:P/I:N/A:N
The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
Learn more about our Cis Benchmark Audit For Apache Http Server.