Issue
- Security scan shows CVE-2016-1000027 as an active vulnerability, is Liferay affected?
Environment
- DXP 7.4
Resolution
- CVE-2016-1000027 is known to us, and we can confirm that Liferay should not be vulnerable, as Liferay does not use the following components:
HttpInvokerServiceExporterandreadRemoteInvocation. - The vulnerability only exists if these endpoints are exposed to untrusted clients.
Conteúdo Excluesivo para Assinantes
Uma Subscrição do Liferay Enterprise fornece acesso a mais de 1.500 artigos que incluem práticas recomendadas, solução de problemas e outras soluções valiosas. Faça login para obter acesso completo.
Entrar