Mon, 26 Jun 2017 09:00:00 +0000
CST-7019 DoS vulnerability via SessionClicks
Unsanitized data in SessionClicks allows an attacker to cause a denial-of-service (DoS) via crafted URLs. The denial-of-service is limited to users who have clicked on the crafted URL and may prevent the user from accessing some portlets.
There is no patch available for Liferay Portal 7.0 CE GA3. Instead, users should upgrade to Liferay Portal 7.0 CE GA4 (7.0.3) or later to fix this issue.