Liferay Portal Apache Felix command injection

Added: 12/31/2014
OSVDB: 116510

Background

Liferay Portal is an enterprise web platform for building business solutions. Apache Felix is an implementation of the OSGi Framework and Service platform.

Problem

Liferay Portal is affected by a vulnerability which could allow remote attackers to execute arbitrary commands due to exposure of Apache Felix.

Resolution

Upgrade to Liferay Portal 7.0.3.

References

http://www.exploit-db.com/exploits/35652/

Limitations

Exploit works on Windows 7.

Platforms

Windows

Back to exploit index