Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2020-15839

Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files.

CVSS v3:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

  • Severity: Low
  • Score: 4
  • AV:N/AC:L/Au:S/C:N/I:N/A:P

CWEs:

Software From Fixed in
liferay / liferay_portal - 7.3.3
liferay / digital_experience_platform 7.2 7.2.x
liferay / digital_experience_platform 7.2-fix_pack_1 7.2-fix_pack_1.x
liferay / digital_experience_platform 7.2-fix_pack_2 7.2-fix_pack_2.x
liferay / digital_experience_platform 7.2-fix_pack_3 7.2-fix_pack_3.x
liferay / digital_experience_platform 7.2-fix_pack_5 7.2-fix_pack_5.x
liferay / digital_experience_platform 7.2-fix_pack_4 7.2-fix_pack_4.x
liferay / digital_experience_platform 7.1-fix_pack_6 7.1-fix_pack_6.x
liferay / digital_experience_platform 7.1-fix_pack_9 7.1-fix_pack_9.x
liferay / digital_experience_platform 7.1-fix_pack_10 7.1-fix_pack_10.x
liferay / digital_experience_platform 7.1-fix_pack_11 7.1-fix_pack_11.x
liferay / digital_experience_platform 7.1-fix_pack_12 7.1-fix_pack_12.x
liferay / digital_experience_platform 7.1-fix_pack_13 7.1-fix_pack_13.x
liferay / digital_experience_platform 7.1-fix_pack_14 7.1-fix_pack_14.x
liferay / digital_experience_platform 7.1-fix_pack_15 7.1-fix_pack_15.x
liferay / digital_experience_platform 7.1-fix_pack_16 7.1-fix_pack_16.x
liferay / digital_experience_platform 7.1-fix_pack_17 7.1-fix_pack_17.x
liferay / digital_experience_platform 7.1-fix_pack_4 7.1-fix_pack_4.x
liferay / digital_experience_platform 7.1 7.1.x
liferay / digital_experience_platform 7.1-fix_pack_1 7.1-fix_pack_1.x
liferay / digital_experience_platform 7.1-fix_pack_2 7.1-fix_pack_2.x
liferay / digital_experience_platform 7.1-fix_pack_3 7.1-fix_pack_3.x
liferay / digital_experience_platform 7.1-fix_pack_5 7.1-fix_pack_5.x
liferay / digital_experience_platform 7.1-sp1 7.1-sp1.x
liferay / digital_experience_platform 7.1-fix_pack_7 7.1-fix_pack_7.x
liferay / digital_experience_platform 7.1-fix_pack_8 7.1-fix_pack_8.x
com.liferay.portal / release.dxp.bom - 7.1.10.fp18
com.liferay.portal / release.dxp.bom 7.2.1 7.2.10.fp6