The CVE describes a path traversal vulnerability in the ComboServlet component of Liferay Portal and DXP. This servlet combines multiple CSS or JavaScript files and serves them in a single request to improve page load performance; the files to fetch are named in the URL query string. The vulnerability arises because the servlet does not properly sanitize that user-supplied input before using it to build file paths. An attacker can craft a URL whose resource names contain directory traversal sequences such as ../../../, break out of the intended resource directory, and read arbitrary files from the server filesystem. The same unsanitized input can also be abused for a Denial-of-Service (DoS) attack: by requesting a large number of files, or the same file many times, in one query string, and repeating such requests, an attacker can consume significant server resources and degrade or deny service to legitimate users.
Platform: Liferay Portal/DXP
Version: 7.4.0-7.4.3.107
Vulnerability: Path Traversal
Severity: Critical
Date: 2024-10-15
Prediction: 2024-11-15
What Undercode Says:
curl "http://target/combo/?/css/../../../../etc/passwd"
for i in {1..1000}; do curl "http://target/combo/?/css/file1.css&/css/file1.css"; done
How to Exploit:
Craft URLs with `../` sequences.
Force servlet to load identical resources repeatedly.
Protection from this CVE:
Apply vendor patch.
Implement WAF rules.
Sanitize user input.
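The following is an added example, not Liferay's code or the vendor patch, showing what "sanitize user input" means for a combo-style servlet: each requested path is percent-decoded exactly once, canonicalized, confined to an allowed prefix and extension, deduplicated, and the total is capped so one request cannot force unbounded work. The prefixes, extensions and cap are assumed policy values for this model.

```python
import posixpath
from pathlib import PurePosixPath
from urllib.parse import parse_qsl

# Assumed policy for this model (not Liferay's own settings): resources may only
# live under these prefixes, only these extensions are served, and one combo
# request may name at most this many distinct files.
ALLOWED_PREFIXES = ("/css", "/js")
ALLOWED_SUFFIXES = {".css", ".js"}
MAX_RESOURCES = 50


def parse_combo_query(query):
    """Resource paths from a combo query: each bare key starting with '/' (e.g. '/css/a.css&/js/b.js&t=1')."""
    # parse_qsl percent-decodes exactly once; later checks must never decode again.
    return [key for key, value in parse_qsl(query, keep_blank_values=True)
            if value == "" and key.startswith("/")]


def resolve_resource(raw):
    """Canonicalize one requested path; return None if it must be refused."""
    # Anything still encoded after the single decode (e.g. %252e%252e), NUL bytes
    # or backslashes is refused outright rather than decoded a second time.
    if "%" in raw or "\x00" in raw or "\\" in raw:
        return None
    # normpath collapses '..' segments: '/css/../../../../etc/passwd' becomes
    # '/etc/passwd', so a traversal shows up as a path outside the allowed prefixes.
    norm = posixpath.normpath("/" + raw.lstrip("/"))
    if not any(norm.startswith(prefix + "/") for prefix in ALLOWED_PREFIXES):
        return None
    if PurePosixPath(norm).suffix.lower() not in ALLOWED_SUFFIXES:
        return None
    return norm


def validate_combo_request(query):
    """Return (resources to serve, None), or ([], reason) when the request is refused."""
    requested = parse_combo_query(query)
    if not requested:
        return [], "no resources requested"
    accepted = []
    for raw in requested:
        norm = resolve_resource(raw)
        if norm is None:
            return [], f"refused path {raw!r}"
        if norm not in accepted:  # a file named many times is served once
            accepted.append(norm)
    if len(accepted) > MAX_RESOURCES:  # bounds the work one request can force
        return [], f"too many resources ({len(accepted)} > {MAX_RESOURCES})"
    return accepted, None
```

Rate limiting of repeated requests, as in the loop above, is a separate control at the WAF or reverse proxy and is not modelled here.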
Impact:
Arbitrary File Read.
Service Degradation.
Sources:
Reported By: github.com