{"id":"CVE-2024-26267","details":"In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions the default value of the portal property `http.header.version.verbosity` is set to `full`, which allows remote attackers to easily identify the version of the application that is running and the vulnerabilities that affect that version via 'Liferay-Portal` response header.","aliases":["GHSA-2mvj-q2q3-wxjv"],"modified":"2026-07-08T07:47:15.075976634Z","published":"2024-02-20T13:15:08.843Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"fixed":"7.2"}],"source":"CPE_RANGE","vendor_product":"liferay:digital_experience_platform","cpes":["cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*"]},{"source":"CPE_STRING","vendor_product":"liferay:digital_experience_platform","cpes":["cpe:2.3:a:liferay:digital_experience_platform:7.2:-:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_10:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_11:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_12:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_13:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_14:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_15:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_16:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_17:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_18:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_1:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_2:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_3:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_4:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_5:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_6:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_7:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_8:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_9:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_1:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_2:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_3:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_4:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_5:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_6:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.3:-:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.3:fix_pack_1:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.3:fix_pack_2:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.3:service_pack_1:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.3:service_pack_3:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.3:update4:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.4:update10:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.4:update11:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.4:update12:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.4:update13:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.4:update14:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.4:update15:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.4:update16:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.4:update17:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.4:update18:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.4:update19:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.4:update20:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.4:update21:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.4:update22:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.4:update23:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.4:update24:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.4:update25:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.4:update2:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.4:update3:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.4:update4:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.4:update5:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.4:update6:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.4:update7:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.4:update8:*:*:*:*:*:*","cpe:2.3:a:liferay:digital_experience_platform:7.4:update9:*:*:*:*:*:*"],"extracted_events":[{"introduced":"7.2-NA"},{"last_affected":"7.2-NA"},{"introduced":"7.2-fix_pack_1"},{"last_affected":"7.2-fix_pack_1"},{"introduced":"7.2-fix_pack_10"},{"last_affected":"7.2-fix_pack_10"},{"introduced":"7.2-fix_pack_11"},{"last_affected":"7.2-fix_pack_11"},{"introduced":"7.2-fix_pack_12"},{"last_affected":"7.2-fix_pack_12"},{"introduced":"7.2-fix_pack_13"},{"last_affected":"7.2-fix_pack_13"},{"introduced":"7.2-fix_pack_14"},{"last_affected":"7.2-fix_pack_14"},{"introduced":"7.2-fix_pack_15"},{"last_affected":"7.2-fix_pack_15"},{"introduced":"7.2-fix_pack_16"},{"last_affected":"7.2-fix_pack_16"},{"introduced":"7.2-fix_pack_17"},{"last_affected":"7.2-fix_pack_17"},{"introduced":"7.2-fix_pack_18"},{"last_affected":"7.2-fix_pack_18"},{"introduced":"7.2-fix_pack_2"},{"last_affected":"7.2-fix_pack_2"},{"introduced":"7.2-fix_pack_3"},{"last_affected":"7.2-fix_pack_3"},{"introduced":"7.2-fix_pack_4"},{"last_affected":"7.2-fix_pack_4"},{"introduced":"7.2-fix_pack_5"},{"last_affected":"7.2-fix_pack_5"},{"introduced":"7.2-fix_pack_6"},{"last_affected":"7.2-fix_pack_6"},{"introduced":"7.2-fix_pack_7"},{"last_affected":"7.2-fix_pack_7"},{"introduced":"7.2-fix_pack_8"},{"last_affected":"7.2-fix_pack_8"},{"introduced":"7.2-fix_pack_9"},{"last_affected":"7.2-fix_pack_9"},{"introduced":"7.2-service_pack_1"},{"last_affected":"7.2-service_pack_1"},{"introduced":"7.2-service_pack_2"},{"last_affected":"7.2-service_pack_2"},{"introduced":"7.2-service_pack_3"},{"last_affected":"7.2-service_pack_3"},{"introduced":"7.2-service_pack_4"},{"last_affected":"7.2-service_pack_4"},{"introduced":"7.2-service_pack_5"},{"last_affected":"7.2-service_pack_5"},{"introduced":"7.2-service_pack_6"},{"last_affected":"7.2-service_pack_6"},{"introduced":"7.3-NA"},{"last_affected":"7.3-NA"},{"introduced":"7.3-fix_pack_1"},{"last_affected":"7.3-fix_pack_1"},{"introduced":"7.3-fix_pack_2"},{"last_affected":"7.3-fix_pack_2"},{"introduced":"7.3-service_pack_1"},{"last_affected":"7.3-service_pack_1"},{"introduced":"7.3-service_pack_3"},{"last_affected":"7.3-service_pack_3"},{"introduced":"7.3-update4"},{"last_affected":"7.3-update4"},{"introduced":"7.4-NA"},{"last_affected":"7.4-NA"},{"introduced":"7.4-update1"},{"last_affected":"7.4-update1"},{"introduced":"7.4-update10"},{"last_affected":"7.4-update10"},{"introduced":"7.4-update11"},{"last_affected":"7.4-update11"},{"introduced":"7.4-update12"},{"last_affected":"7.4-update12"},{"introduced":"7.4-update13"},{"last_affected":"7.4-update13"},{"introduced":"7.4-update14"},{"last_affected":"7.4-update14"},{"introduced":"7.4-update15"},{"last_affected":"7.4-update15"},{"introduced":"7.4-update16"},{"last_affected":"7.4-update16"},{"introduced":"7.4-update17"},{"last_affected":"7.4-update17"},{"introduced":"7.4-update18"},{"last_affected":"7.4-update18"},{"introduced":"7.4-update19"},{"last_affected":"7.4-update19"},{"introduced":"7.4-update2"},{"last_affected":"7.4-update2"},{"introduced":"7.4-update20"},{"last_affected":"7.4-update20"},{"introduced":"7.4-update21"},{"last_affected":"7.4-update21"},{"introduced":"7.4-update22"},{"last_affected":"7.4-update22"},{"introduced":"7.4-update23"},{"last_affected":"7.4-update23"},{"introduced":"7.4-update24"},{"last_affected":"7.4-update24"},{"introduced":"7.4-update25"},{"last_affected":"7.4-update25"},{"introduced":"7.4-update3"},{"last_affected":"7.4-update3"},{"introduced":"7.4-update4"},{"last_affected":"7.4-update4"},{"introduced":"7.4-update5"},{"last_affected":"7.4-update5"},{"introduced":"7.4-update6"},{"last_affected":"7.4-update6"},{"introduced":"7.4-update7"},{"last_affected":"7.4-update7"},{"introduced":"7.4-update8"},{"last_affected":"7.4-update8"},{"introduced":"7.4-update9"},{"last_affected":"7.4-update9"}]}]},"references":[{"type":"ADVISORY","url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26267"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/liferay/liferay-portal","events":[{"introduced":"0"},{"last_affected":"29b73b9b896c7d44fb5d1800a402698c303d1cf6"},{"introduced":"ec84d86679146b84af526f96471a730c340dda78"},{"fixed":"7a639e6dc668ef4f0dc747a03ac0db1036f3a1c5"}],"database_specific":{"source":"CPE_RANGE","cpe":"cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"7.3.7"},{"introduced":"7.4.0"},{"fixed":"7.4.3.26"}]}}],"versions":["7.4.3.7-ga7","7.4.3.6-ga6","7.4.3.5-ga5","7.4.3.4-ga4","7.4.2-ga3","7.3.7-ga8","7.3.6-ga7","7.4.1-ga2","7.4.0-ga1","7.3.4-ga5","test-fix-pack-base-7310","7.3.3-ga4","7.3.2-ga3","7.3.1-ga2","7.3.0-ga1","7.2.0-b3","7.2.0-b2","7.2.0-b1","7.2.0-a1","7.2.0-m2","7.1.0-b2","7.1.0-b1","7.1.0-a2","7.1.0-a1","7.1.0-m2","7.1.0-m1","sync-3.1.0-ga1","sync-3.0.10-ga2","sync-3.0.9-ga1","sync-3.0.8-b9","7.0.0-m5","sync-3.0.7-b8","sync-3.0.6-b7","sync-3.0.5-b6","sync-3.0.4-b5","sync-3.0.3-b4","sync-3.0.2-b3","sync-3.0.1-b2","sync-3.0.0-b1","7.0.0-m4","7.0.0-m3","7.0.0-m2","7.0.0-m1","6.2.0-b2","6.2.0-b1","6.2.0-m6","6.2.0-m5","6.2.0-m4","6.2.0-m3","6.2.0-m2","6.1.0-rc1","6.1.0-b4","6.1.0-b3","6.1.0-b2","6.1.0-b1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26267.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}