Hi Pete,

On 17.06.20 23:44, Pete Helgren wrote:
> I am going to guess that it is one of these two known vulnerabilities:
>
> CST-7111: RCE via JSON deserialization (LPS-88051/LPE-165981)
> The JSONDeserializer of Flexjson allows the instantiation of arbitrary
> classes and the invocation of arbitrary setter methods.
>
> CST-7205: Unauthenticated Remote code execution via JSONWS
> (LPS-97029/CVE-2020-7961)
> The JSONWebServiceActionParametersMap of Liferay Portal allows the
> instantiation of arbitrary classes and invocation of arbitrary setter
> methods.
>
> Found the signature in the logs and it's pretty clear that that is
> what we are up against. However, if something else comes to mind,
> feel free to post back. I did come across a couple of other posts
> where the OP said there was nothing but Tomcat and they also ended up
> with the miner.
>
> I have some updating to do....
>

Correct analysis.
What you need is this update
https://liferay.dev/blogs/-/blogs/security-patches-for-liferay-portal-6-2-7-0-and-7-1

And while you're at it: There has been another patch published this month
https://liferay.dev/blogs/-/blogs/june-2020-security-patches-for-liferay-portal-7-1-and-7-2

Best,

Olaf