CVE-2024-26267
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Feb 20, 2024
CWE ID 1188
Summary
CVE-2024-26267 is a vulnerability affecting Liferay Portal 7.2.0 to 7.4.3.25 and older unsupported versions, as well as Liferay DXP 7.4 before update 26, 7.3 before update 5, and 7.2 before fix pack 19. The issue lies in the default value of the `http.header.version.verbosity` portal property, which is set to `full`. This allows remote attackers to determine the specific version of the application in use and any associated vulnerabilities by analyzing the `Liferay-Portal` response header.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share