Vulnerability Note VU#767825
Liferay Portal fails to protect against CSRF
Liferay Portal fails to properly protect against Cross-Site Request Forgery (CSRF). This may allow a remote attacker to forge requests that Liferay Portal takes action upon.
A remote attacker may be able to forge requests that the Liferay Portal takes action upon.
This issue is addressed in Liferay version 4.4.0, as specified in Liferay support document LEP-4739. Version 4.4.0 forces requests to be in POST format, which helps mitigate CSRF attacks.
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Liferay, Inc. | Affected | - | 31 Jan 2008 |
Thanks to Tomasz Kuczynski for reporting this vulnerability.
This document was written by Will Dormann.
- CVE IDs: CVE-2008-0182
- Date Public: 10 Jan 2008
- Date First Published: 31 Jan 2008
- Date Last Updated: 31 Jan 2008
- Severity Metric: 4.39
- Document Revision: 1