Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
http://openwall.com/lists/oss-security/2011/04/11/9
http://openwall.com/lists/oss-security/2011/04/08/5
http://openwall.com/lists/oss-security/2011/03/29/1
http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952