gb_liferay_detect.nasl the version grabbing regex pattern
"Liferay-Portal: (Liferay ([^0-9]+)([0-9.]+))( (CE|EE|DE|DXP))?( ([GA0-9]+))?" has trouble parsing Liferay server headers that do not advertise any version (something that can be optionnaly set in a config element https://liferay.dev/forums/-/message_boards/message/68326822).
The current regex causes the grab to wrap over other HTTP headers resulting in the “version” including arbitrary data.
Example of a header causing this:
Date: Mon, 22 Jun 2022 20:23:52 GMT
Liferay-Portal: Liferay Digital Experience Platform
This will result in a match up to the
"0 from the
ETag header, and thus the version grabbed will include HSTS header data (typically here it’ll end up being 3600).
The problematic part in the regex is probably
[^0-9]+ that seem to include the newline of HTTP headers (probably because it’s different than the OS POSIX newline?) and results in multiline match.
It probably can be changed for a more restrictive match, for instance
[a-zA-Z ]+ that would work equally well for current cases.