Issue
- Security scan shows CVE-2016-1000027 as an active vulnerability, is Liferay affected?
Environment
- DXP 7.4
Resolution
- CVE-2016-1000027 is known to us, and we can confirm that Liferay should not be vulnerable, as Liferay does not use the following components:
HttpInvokerServiceExporterandreadRemoteInvocation. - The vulnerability only exists if these endpoints are exposed to untrusted clients.
Subscriber Exclusive Content
A Liferay Enterprise Subscription provides access to over 1,500 articles that include best practices, troubleshooting, and other valuable solutions. Sign in for full access.
Sign In