CVE-2007-6197

The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://procheckup.com/Vulnerability_PR06-08.php	Exploit
http://procheckup.com/Vulnerability_PR06-09.php	Exploit
http://www.securitytracker.com/id?1019005
http://secunia.com/advisories/27840	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2007/4040
http://www.securityfocus.com/archive/1/484467/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bea:aqualogic_interaction:5.0.2:::::::*
	cpe:2.3:a:bea:aqualogic_interaction:6.0.1.218452:::::::*
	cpe:2.3:a:bea:aqualogic_interaction:5.0.3:::::::*
	cpe:2.3:a:bea:aqualogic_interaction:5.0.4:::::::*

Information

Published : 2007-11-30 22:46

Updated : 2018-10-15 14:50

NVD link : CVE-2007-6197

Mitre link : CVE-2007-6197

JSON object : View

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Products Affected

bea

aqualogic_interaction

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://procheckup.com/Vulnerability_PR06-08.php", "name": "http://procheckup.com/Vulnerability_PR06-08.php", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://procheckup.com/Vulnerability_PR06-09.php", "name": "http://procheckup.com/Vulnerability_PR06-09.php", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://www.securitytracker.com/id?1019005", "name": "1019005", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/27840", "name": "27840", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2007/4040", "name": "ADV-2007-4040", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.securityfocus.com/archive/1/484467/100/0/threaded", "name": "20071201 PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-200"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-6197", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-12-01T06:46Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:bea:aqualogic_interaction:5.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:aqualogic_interaction:6.0.1.218452:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:aqualogic_interaction:5.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:aqualogic_interaction:5.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-15T21:50Z"}

5.0 /10