Moderate severity · NVD Advisory · Published May 7, 2011 · Updated Apr 29, 2026
CVE-2011-1571
Description
Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.liferay.portal:portal-service (Maven) | >= 5.0.0, < 6.0.6-ga | 6.0.6-ga |
Affected products (1)
Patches (1)
55502ca16019 · LPS-14726 Remote command execution in XSL Content portlet
4 files changed · +21 −1
portal-impl/src/com/liferay/portal/util/PropsValues.java+2 −0 modified@@ -1250,6 +1250,8 @@ public class PropsValues { public static final String WIKI_PAGE_TITLES_REMOVE_REGEXP = PropsUtil.get(PropsKeys.WIKI_PAGE_TITLES_REMOVE_REGEXP); + public static final boolean XSL_CONTENT_SECURE_PROCESSING_ENABLED = GetterUtil.getBoolean(PropsUtil.get(PropsKeys.XSL_CONTENT_SECURE_PROCESSING_ENABLED)); + static { if (!LAYOUT_USER_PRIVATE_LAYOUTS_ENABLED) { LAYOUT_USER_PRIVATE_LAYOUTS_AUTO_CREATE = false;
portal-impl/src/com/liferay/portlet/xslcontent/util/XSLContentUtil.java+6 −0 modified@@ -17,11 +17,13 @@ import com.liferay.portal.kernel.io.unsync.UnsyncByteArrayOutputStream; import com.liferay.portal.kernel.io.unsync.UnsyncStringReader; import com.liferay.portal.kernel.util.HttpUtil; +import com.liferay.portal.util.PropsValues; import java.io.IOException; import java.net.URL; +import javax.xml.XMLConstants; import javax.xml.transform.Transformer; import javax.xml.transform.TransformerException; import javax.xml.transform.TransformerFactory; @@ -51,6 +53,10 @@ public static String transform(URL xmlUrl, URL xslUrl) TransformerFactory transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setFeature( + XMLConstants.FEATURE_SECURE_PROCESSING, + PropsValues.XSL_CONTENT_SECURE_PROCESSING_ENABLED); + Transformer transformer = transformerFactory.newTransformer(xslSource);
portal-impl/src/portal.properties+11 −1 modified@@ -7050,4 +7050,14 @@ wiki.email.page.updated.body=com/liferay/portlet/wiki/dependencies/email_page_updated_body.tmpl wiki.email.page.updated.signature=com/liferay/portlet/wiki/dependencies/email_page_updated_signature.tmpl - wiki.rss.abstract.length=200 \ No newline at end of file + wiki.rss.abstract.length=200 + +## +## XSL Content +## + + # + # Set this to true to process XML securely. Set this to false to process XML + # according to the letter of the XML specifications. + # + xsl.content.secure.processing.enabled=true \ No newline at end of file
portal-service/src/com/liferay/portal/kernel/util/PropsKeys.java+2 −0 modified@@ -1847,6 +1847,8 @@ public interface PropsKeys { public static final String WIKI_RSS_ABSTRACT_LENGTH = "wiki.rss.abstract.length"; + public static final String XSL_CONTENT_SECURE_PROCESSING_ENABLED = "xsl.content.secure.processing.enabled"; + public static final String YM_LOGIN = "ym.login"; public static final String YM_PASSWORD = "ym.password";
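Review bot: In PropsValues.java, XSL_CONTENT_SECURE_PROCESSING_ENABLED is read with the single-argument GetterUtil.getBoolean(PropsUtil.get(...)), so when the key is absent the result is whatever that helper returns for a missing value rather than an explicit choice. For a security switch the fallback should be stated in code: pass true as the default so an installation whose properties lack xsl.content.secure.processing.enabled still gets secure processing.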
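Review bot: In XSLContentUtil.java, the new setFeature call takes its value from PropsValues.XSL_CONTENT_SECURE_PROCESSING_ENABLED, so the protection for LPS-14726 can be switched off from configuration and nothing in this hunk records that it happened. Consider always passing true here, or at least logging a warning when the property resolves to false. TransformerFactory.newInstance() also returns whichever implementation is on the classpath, and what FEATURE_SECURE_PROCESSING restricts differs between implementations, so a test that runs a stylesheet using an extension function through transform(URL xmlUrl, URL xslUrl) and expects it to be rejected would pin the behaviour; none of the 4 changed files is a test.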
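Review bot: In portal.properties, the comment above xsl.content.secure.processing.enabled describes false as processing XML "according to the letter of the XML specifications", which does not tell an administrator that false removes the fix for the remote command execution in the XSL Content portlet (LPS-14726). Say so in the comment, and name the portlet the setting applies to. The hunk also leaves the file without a trailing newline again ("\ No newline at end of file"); ending the file with one would keep the next appended property from touching this line in a diff.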
References (8)
- issues.liferay.com/browse/LPS-14726 (NVD; Issue Tracking, Vendor Advisory, Web)
- issues.liferay.com/secure/ReleaseNote.jspa (NVD; Release Notes, Vendor Advisory, Web)
- openwall.com/lists/oss-security/2011/03/29/1 (NVD; Mailing List, Third Party Advisory, Web)
- openwall.com/lists/oss-security/2011/04/08/5 (NVD; Mailing List, Third Party Advisory, Web)
- openwall.com/lists/oss-security/2011/04/11/9 (NVD; Mailing List, Third Party Advisory, Web)
- github.com/advisories/GHSA-rpj9-pc39-h8j8 (GHSA; Advisory)
- nvd.nist.gov/vuln/detail/CVE-2011-1571 (GHSA; Advisory)
- github.com/liferay/liferay-portal/commit/55502ca16019e1ea1a581ee87f4f20cde638c825 (GHSA; Web)