Lucene search
PRIOn knowledge basePRION:CVE-2024-25146HistoryFeb 08, 2024 - 4:15 a.m.
Design/Logic Flaw
2024-02-0804:15:00
PRIOn knowledge base
www.prio-n.com
2
liferay portal 7.2.0
liferay portal 7.4.1
liferay dxp 7.3
logic flaw
remote attack
site enumeration
url
custom 404 page
security vulnerability
Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. This vulnerability occurs if locale.prepend.friendly.url.style=2 and if a custom 404 page is used.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dxp | eq | 7.2 fixpack2 | |
| dxp | eq | 7.2 fixpack3 | |
| dxp | eq | 7.2 fixpack4 | |
| dxp | eq | 7.2 fixpack5 | |
| dxp | eq | 7.2 fixpack1 | |
| dxp | eq | 7.2 | |
| dxp | eq | 7.2 fixpack6 | |
| dxp | eq | 7.2 fixpack7 | |
| dxp | eq | 7.2 fixpack8 | |
| dxp | eq | 7.2 fixpack9 |
Related
github
github
Liferay Portal allows attackers to discover the existence of sites
2024-02-08 06:30:23
cvelist
cvelist
CVE-2024-25146
2024-02-08 03:36:07
cve
cve
CVE-2024-25146
2024-02-08 04:15:08
veracode
veracode
Observable Discrepancy
2024-02-12 11:31:18
osv
osv
CVE-2024-25146
2024-02-08 04:15:08
Liferay Portal allows attackers to discover the existence of sites
2024-02-08 06:30:23
nvd
nvd
CVE-2024-25146
2024-02-08 04:15:08