Primary

Context

Liferay Portal and Liferay DXP Incorrect Cache-Control Header Vulnerability Allowing File Access via Browser Cache

Vulnerability

Patched

A vulnerability exists in the Document Library and Adaptive Media modules of Liferay Portal versions 7.4.0 through 7.4.3.111, as well as in Liferay DXP versions 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92. These versions use an incorrect cache-control header, which enables local users to access downloaded files through the browser's cache.

Impact

Exploitation of this vulnerability could lead to unauthorized access to downloaded files via the browser's cache.

Remediation

Users can upgrade to Liferay Portal 7.4.3.112 or Liferay DXP 2024.Q1.1 to address this vulnerability.

Added: Nov 1, 2025, 12:17 AM

Updated: Nov 1, 2025, 12:17 AM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

0.6

exploitability

5.0

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

0.6

exploitability

5.0

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Liferay Portal and Liferay DXP Incorrect Cache-Control Header Vulnerability Allowing File Access via Browser Cache

Vulnerability

Impact

Remediation

Affected Products

Liferay Portal

Liferay DXP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating