Version Disclosure (Liferay Portal)

Severity:

Low

Summary

Invicti identified a version disclosure (Liferay Portal) in the target web server's HTTP response.

This information can help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Liferay Portal.

Impact

An attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.

Remediation

Apply the following changes on your portal-ext.properties file to disable Liferay header version verbosity:

http.header.version.verbosity=Off

Required Skills for Successful Exploitation

Actions To Take

Classifications

CAPEC-170

CWE-205

HIPAA-164.306(a), 164.308(a)

Vulnerability Index

You can search and find all vulnerabilities

Select Category

Select Vulnerability

Related Vulnerabilities

Version Disclosure (Lightbox)

Version Disclosure (Phusion Passenger)

Stack Trace Disclosure (Laravel)

Lighthouse Identified

Version Disclosure (SeoPanel)

Version Disclosure (Liferay Portal)

Vulnerability Index

Select Category

Select Vulnerability

Featured resources

Build your resistance to threats. And save hundreds of hours each month.