Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	HTTP:CTS:LIFERAY-PORTAL-ID
Severity	Major
Recommended	No
Recommended Action	Drop
Category	HTTP
Keywords	Liferay Portal JSON Web Service Insecure Deserialization
Release Date	2020/06/04
Update Number	3287
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Liferay Portal JSON Web Service Insecure Deserialization

This signature detects attempts to exploit a known vulnerability against Liferay Portal. A successful attack can lead to arbitrary code execution.

Extended Description

Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).

Affected Products

Liferay liferay_portal 7.2.0

References

CVE: CVE-2020-7961

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Liferay Portal JSON Web Service Insecure Deserialization

Extended Description

Affected Products

References