CVE-2024-25146
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. This vulnerability occurs if locale.prepend.friendly.url.style=2 and if a custom 404 page is used.
Liferay Portal 7.2.0 a 7.4.1 y versiones anteriores no compatibles, y Liferay DXP 7.3 anterior al service pack 3, 7.2 anterior al fix pack 18 y versiones anteriores no compatibles devuelven respuestas diferentes dependiendo de si un sitio no existe o si el usuario no tiene permiso para acceder al sitio, lo que permite a atacantes remotos descubrir la existencia de sitios enumerando las URL. Esta vulnerabilidad ocurre si locale.prepend.friendly.url.style=2 y si se utiliza una página 404 personalizada.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-02-06 CVE Reserved
- 2024-02-08 CVE Published
- 2024-02-15 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-203: Observable Discrepancy
- CWE-204: Observable Response Discrepancy
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Liferay Search vendor "Liferay" | Dxp Search vendor "Liferay" for product "Dxp" | 7.2 Search vendor "Liferay" for product "Dxp" and version "7.2" | - |
Affected
| ||||||
| Liferay Search vendor "Liferay" | Dxp Search vendor "Liferay" for product "Dxp" | 7.2 Search vendor "Liferay" for product "Dxp" and version "7.2" | fix_pack_1 |
Affected
| ||||||
| Liferay Search vendor "Liferay" | Dxp Search vendor "Liferay" for product "Dxp" | 7.2 Search vendor "Liferay" for product "Dxp" and version "7.2" | fix_pack_10 |
Affected
| ||||||
| Liferay Search vendor "Liferay" | Dxp Search vendor "Liferay" for product "Dxp" | 7.2 Search vendor "Liferay" for product "Dxp" and version "7.2" | fix_pack_11 |
Affected
| ||||||
| Liferay Search vendor "Liferay" | Dxp Search vendor "Liferay" for product "Dxp" | 7.2 Search vendor "Liferay" for product "Dxp" and version "7.2" | fix_pack_12 |
Affected
| ||||||
| Liferay Search vendor "Liferay" | Dxp Search vendor "Liferay" for product "Dxp" | 7.2 Search vendor "Liferay" for product "Dxp" and version "7.2" | fix_pack_13 |
Affected
| ||||||
| Liferay Search vendor "Liferay" | Dxp Search vendor "Liferay" for product "Dxp" | 7.2 Search vendor "Liferay" for product "Dxp" and version "7.2" | fix_pack_14 |
Affected
| ||||||
| Liferay Search vendor "Liferay" | Dxp Search vendor "Liferay" for product "Dxp" | 7.2 Search vendor "Liferay" for product "Dxp" and version "7.2" | fix_pack_15 |
Affected
| ||||||
| Liferay Search vendor "Liferay" | Dxp Search vendor "Liferay" for product "Dxp" | 7.2 Search vendor "Liferay" for product "Dxp" and version "7.2" | fix_pack_16 |
Affected
| ||||||
| Liferay Search vendor "Liferay" | Dxp Search vendor "Liferay" for product "Dxp" | 7.2 Search vendor "Liferay" for product "Dxp" and version "7.2" | fix_pack_17 |
Affected
| ||||||
| Liferay Search vendor "Liferay" | Dxp Search vendor "Liferay" for product "Dxp" | 7.2 Search vendor "Liferay" for product "Dxp" and version "7.2" | fix_pack_2 |
Affected
| ||||||
| Liferay Search vendor "Liferay" | Dxp Search vendor "Liferay" for product "Dxp" | 7.2 Search vendor "Liferay" for product "Dxp" and version "7.2" | fix_pack_3 |
Affected
| ||||||
| Liferay Search vendor "Liferay" | Dxp Search vendor "Liferay" for product "Dxp" | 7.2 Search vendor "Liferay" for product "Dxp" and version "7.2" | fix_pack_4 |
Affected
| ||||||
| Liferay Search vendor "Liferay" | Dxp Search vendor "Liferay" for product "Dxp" | 7.2 Search vendor "Liferay" for product "Dxp" and version "7.2" | fix_pack_5 |
Affected
| ||||||
| Liferay Search vendor "Liferay" | Dxp Search vendor "Liferay" for product "Dxp" | 7.2 Search vendor "Liferay" for product "Dxp" and version "7.2" | fix_pack_6 |
Affected
| ||||||
| Liferay Search vendor "Liferay" | Dxp Search vendor "Liferay" for product "Dxp" | 7.2 Search vendor "Liferay" for product "Dxp" and version "7.2" | fix_pack_7 |
Affected
| ||||||
| Liferay Search vendor "Liferay" | Dxp Search vendor "Liferay" for product "Dxp" | 7.2 Search vendor "Liferay" for product "Dxp" and version "7.2" | fix_pack_8 |
Affected
| ||||||
| Liferay Search vendor "Liferay" | Dxp Search vendor "Liferay" for product "Dxp" | 7.2 Search vendor "Liferay" for product "Dxp" and version "7.2" | fix_pack_9 |
Affected
| ||||||
| Liferay Search vendor "Liferay" | Dxp Search vendor "Liferay" for product "Dxp" | 7.3 Search vendor "Liferay" for product "Dxp" and version "7.3" | - |
Affected
| ||||||
| Liferay Search vendor "Liferay" | Dxp Search vendor "Liferay" for product "Dxp" | 7.3 Search vendor "Liferay" for product "Dxp" and version "7.3" | sp1 |
Affected
| ||||||
| Liferay Search vendor "Liferay" | Dxp Search vendor "Liferay" for product "Dxp" | 7.3 Search vendor "Liferay" for product "Dxp" and version "7.3" | sp2 |
Affected
| ||||||
| Liferay Search vendor "Liferay" | Liferay Portal Search vendor "Liferay" for product "Liferay Portal" | >= 7.2.0 <= 7.4.1 Search vendor "Liferay" for product "Liferay Portal" and version " >= 7.2.0 <= 7.4.1" | - |
Affected
| ||||||