CVE-2024-26267

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Feb 20, 2024
CWE ID 1188

Summary

CVE-2024-26267 is a vulnerability affecting Liferay Portal 7.2.0 to 7.4.3.25 and older unsupported versions, as well as Liferay DXP 7.4 before update 26, 7.3 before update 5, and 7.2 before fix pack 19. The issue lies in the default value of the `http.header.version.verbosity` portal property, which is set to `full`. This allows remote attackers to determine the specific version of the application in use and any associated vulnerabilities by analyzing the `Liferay-Portal` response header.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share