Unlimited 404 Error Redirect Denial of Service Vulnerability in Liferay Portal

Unlimited 404 Error Redirect Denial of Service Vulnerability in Liferay Portal

CVE-2020-24554 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by making repeated requests for pages that do not exist.

Learn more about our Web Application Penetration Testing UK.