← Back

CVE-2024-26267

nvd nist
Published: Feb 20, 2024Modified: Jan 28, 2025

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions the default value of the portal property `http.header.version.verbosity` is set to `full`, which allows remote attackers to easily identify the version of the application that is running and the vulnerabilities that affect that version via 'Liferay-Portal` response header.

Affected (60)

Liferay
2 products
Liferay Portal
Digital Experience Platform
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Liferay
Liferay Portal
Up to 7.3.7
Liferay Portal
From 7.4.0 to 7.4.3.26
Configuration B
58 vulnerable
Vulnerable SoftwareAffected Versions
Liferay
Digital Experience Platform
Before 7.2
Digital Experience Platform
Version 7.2
Digital Experience Platform
Version 7.2 fix_pack_10
Digital Experience Platform
Version 7.2 fix_pack_11
Digital Experience Platform
Version 7.2 fix_pack_12
Digital Experience Platform
Version 7.2 fix_pack_13
Digital Experience Platform
Version 7.2 fix_pack_14
Digital Experience Platform
Version 7.2 fix_pack_15
Digital Experience Platform
Version 7.2 fix_pack_16
Digital Experience Platform
Version 7.2 fix_pack_17
Digital Experience Platform
Version 7.2 fix_pack_18
Digital Experience Platform
Version 7.2 fix_pack_1
Digital Experience Platform
Version 7.2 fix_pack_2
Digital Experience Platform
Version 7.2 fix_pack_3
Digital Experience Platform
Version 7.2 fix_pack_4
Digital Experience Platform
Version 7.2 fix_pack_5
Digital Experience Platform
Version 7.2 fix_pack_6
Digital Experience Platform
Version 7.2 fix_pack_7
Digital Experience Platform
Version 7.2 fix_pack_8
Digital Experience Platform
Version 7.2 fix_pack_9
Digital Experience Platform
Version 7.2 service_pack_1
Digital Experience Platform
Version 7.2 service_pack_2
Digital Experience Platform
Version 7.2 service_pack_3
Digital Experience Platform
Version 7.2 service_pack_4
Digital Experience Platform
Version 7.2 service_pack_5
Digital Experience Platform
Version 7.2 service_pack_6
Digital Experience Platform
Version 7.3
Digital Experience Platform
Version 7.3 fix_pack_1
Digital Experience Platform
Version 7.3 fix_pack_2
Digital Experience Platform
Version 7.3 service_pack_1
Digital Experience Platform
Version 7.3 service_pack_3
Digital Experience Platform
Version 7.3 update4
Digital Experience Platform
Version 7.4
Digital Experience Platform
Version 7.4 update10
Digital Experience Platform
Version 7.4 update11
Digital Experience Platform
Version 7.4 update12
Digital Experience Platform
Version 7.4 update13
Digital Experience Platform
Version 7.4 update14
Digital Experience Platform
Version 7.4 update15
Digital Experience Platform
Version 7.4 update16
Digital Experience Platform
Version 7.4 update17
Digital Experience Platform
Version 7.4 update18
Digital Experience Platform
Version 7.4 update19
Digital Experience Platform
Version 7.4 update1
Digital Experience Platform
Version 7.4 update20
Digital Experience Platform
Version 7.4 update21
Digital Experience Platform
Version 7.4 update22
Digital Experience Platform
Version 7.4 update23
Digital Experience Platform
Version 7.4 update24
Digital Experience Platform
Version 7.4 update25
Digital Experience Platform
Version 7.4 update2
Digital Experience Platform
Version 7.4 update3
Digital Experience Platform
Version 7.4 update4
Digital Experience Platform
Version 7.4 update5
Digital Experience Platform
Version 7.4 update6
Digital Experience Platform
Version 7.4 update7
Digital Experience Platform
Version 7.4 update8
Digital Experience Platform
Version 7.4 update9

Related CWEs

CWE-1188
Initialization of a Resource with an Insecure Default
The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

References (2)

Source: security@liferay.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.