SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request parameters in the HTTP session, which allows remote attackers to consume system memory leading to denial-of-service (DoS) conditions via crafted HTTP requests.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "7.0"
},
{
"last_affected": "7.2"
}
],
"vendor_product": "liferay:digital_experience_platform",
"source": "CPE_RANGE"
},
{
"cpes": [
"cpe:2.3:a:liferay:digital_experience_platform:7.3:-:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update10:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update11:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update12:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update13:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update14:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update15:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update16:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update17:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update18:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update19:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update1:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update20:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update21:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update22:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update23:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update24:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update25:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update2:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update3:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update4:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update5:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update6:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update7:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update8:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update9:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update2:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update3:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update4:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update5:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update6:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update7:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update8:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update9:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "7.3-NA"
},
{
"last_affected": "7.3-NA"
},
{
"introduced": "7.3-update1"
},
{
"last_affected": "7.3-update1"
},
{
"introduced": "7.3-update10"
},
{
"last_affected": "7.3-update10"
},
{
"introduced": "7.3-update11"
},
{
"last_affected": "7.3-update11"
},
{
"introduced": "7.3-update12"
},
{
"last_affected": "7.3-update12"
},
{
"introduced": "7.3-update13"
},
{
"last_affected": "7.3-update13"
},
{
"introduced": "7.3-update14"
},
{
"last_affected": "7.3-update14"
},
{
"introduced": "7.3-update15"
},
{
"last_affected": "7.3-update15"
},
{
"introduced": "7.3-update16"
},
{
"last_affected": "7.3-update16"
},
{
"introduced": "7.3-update17"
},
{
"last_affected": "7.3-update17"
},
{
"introduced": "7.3-update18"
},
{
"last_affected": "7.3-update18"
},
{
"introduced": "7.3-update19"
},
{
"last_affected": "7.3-update19"
},
{
"introduced": "7.3-update2"
},
{
"last_affected": "7.3-update2"
},
{
"introduced": "7.3-update20"
},
{
"last_affected": "7.3-update20"
},
{
"introduced": "7.3-update21"
},
{
"last_affected": "7.3-update21"
},
{
"introduced": "7.3-update22"
},
{
"last_affected": "7.3-update22"
},
{
"introduced": "7.3-update23"
},
{
"last_affected": "7.3-update23"
},
{
"introduced": "7.3-update24"
},
{
"last_affected": "7.3-update24"
},
{
"introduced": "7.3-update25"
},
{
"last_affected": "7.3-update25"
},
{
"introduced": "7.3-update3"
},
{
"last_affected": "7.3-update3"
},
{
"introduced": "7.3-update4"
},
{
"last_affected": "7.3-update4"
},
{
"introduced": "7.3-update5"
},
{
"last_affected": "7.3-update5"
},
{
"introduced": "7.3-update6"
},
{
"last_affected": "7.3-update6"
},
{
"introduced": "7.3-update7"
},
{
"last_affected": "7.3-update7"
},
{
"introduced": "7.3-update8"
},
{
"last_affected": "7.3-update8"
},
{
"introduced": "7.3-update9"
},
{
"last_affected": "7.3-update9"
},
{
"introduced": "7.4-NA"
},
{
"last_affected": "7.4-NA"
},
{
"introduced": "7.4-update1"
},
{
"last_affected": "7.4-update1"
},
{
"introduced": "7.4-update2"
},
{
"last_affected": "7.4-update2"
},
{
"introduced": "7.4-update3"
},
{
"last_affected": "7.4-update3"
},
{
"introduced": "7.4-update4"
},
{
"last_affected": "7.4-update4"
},
{
"introduced": "7.4-update5"
},
{
"last_affected": "7.4-update5"
},
{
"introduced": "7.4-update6"
},
{
"last_affected": "7.4-update6"
},
{
"introduced": "7.4-update7"
},
{
"last_affected": "7.4-update7"
},
{
"introduced": "7.4-update8"
},
{
"last_affected": "7.4-update8"
},
{
"introduced": "7.4-update9"
},
{
"last_affected": "7.4-update9"
}
],
"vendor_product": "liferay:digital_experience_platform",
"source": "CPE_STRING"
},
{
"cpes": [
"cpe:2.3:a:liferay:liferay_portal:6.2:*:*:*:enterprise:*:*:*"
],
"extracted_events": [
{
"introduced": "6.2"
},
{
"last_affected": "6.2"
}
],
"vendor_product": "liferay:liferay_portal",
"source": "CPE_STRING"
}
]
}{
"cpe": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "7.0.0"
},
{
"last_affected": "7.4.3.21"
}
],
"source": "CPE_RANGE"
}