Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Mon, 16 Jun 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 16 Jun 2025 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request parameters in the HTTP session, which allows remote attackers to consume system memory leading to denial-of-service (DoS) conditions via crafted HTTP requests. | |
Weaknesses | CWE-400 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: Liferay
Published:
Updated: 2025-06-16T14:41:32.560Z
Reserved: 2025-04-11T16:45:45.148Z
Link: CVE-2025-3526

Updated: 2025-06-16T14:41:10.837Z

Status : Awaiting Analysis
Published: 2025-06-16T15:15:24.097
Modified: 2025-06-17T20:50:23.507
Link: CVE-2025-3526

No data.

Updated: 2025-06-20T13:55:53Z