Description
The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by making repeated requests for pages that do not exist.
Remediation
References
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784956
https://portal.liferay.dev/learn/security/known-vulnerabilities
Related Vulnerabilities
CVE-2012-4431 Vulnerability in maven package org.apache.tomcat:catalina
CVE-2023-32695 Vulnerability in maven package org.webjars.npm:socket.io-parser
CVE-2015-5377 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2018-1322 Vulnerability in maven package org.apache.syncope:syncope-core
CVE-2023-36477 Vulnerability in maven package org.xwiki.platform:xwiki-platform-ckeditor-ui