WEB APPLICATION VULNERABILITIES Standard & Premium

Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-24554)

Description

The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by making repeated requests for pages that do not exist.

Remediation

References

Related Vulnerabilities

MySQL CVE-2018-3063 Vulnerability (CVE-2018-3063)

WordPress Plugin MiniMax-Page Layout Builder Cross-Site Scripting (1.9.3)

WordPress Plugin WebP Express Unspecified Vulnerability (0.14.21)

WordPress Plugin Ruben Boelinger wordTube 'wpPATH' Parameter Multiple Remote File Include Vulnerabilities (1.43)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-2687)

Severity

High

Classification

CVE-2020-24554 CWE-601 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities