Release date:
Updated on:
Affected Systems:
Liferay, Inc. Liferay Portal 6.1.1
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56589
Liferay Portal is a complete Portal solution. It is based on J2EE applications and uses EJB and JMS technologies.
The Liferay Portal 6.1 CE GA2 (6.1.1) and other versions have multiple Arbitrary File Deletion, information leakage, and Arbitrary File Creation vulnerabilities, after successful exploitation, attackers can delete arbitrary files, obtain sensitive information, or create arbitrary files.
<* Source: Amos Fong
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Liferay, Inc.
-------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.liferay.com/