Description

Liferay XMLRPC servlet allows remote attackers to interact with internal network resources via Blind Server Side Request Forgery (SSRF). Consult Web References for more information about this problem.

Remediation

Restrict access to the vulnerable endpoints.

References

SSRF VS. BUSINESS-CRITICAL APPLICATIONS

SSRF bible. Cheatsheet

Related Vulnerabilities

WordPress 5.9.x Shortcode Execution (5.9 - 5.9.6)

Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.5)

Joomla! Core 3.9.x Remote Code Execution (3.9.7 - 3.9.8)

Code Evaluation (Apache Struts) S2-016

WordPress Plugin VaultPress Man-in-The-Middle (MiTM) Remote Code Execution (1.8.6)

Severity

Medium

Classification

CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Code Execution Acumonitor SSRF