PT-2007-7087 · Bea · Bea Aqualogic Interaction

Publicado

2007-12-01

Atualizado

2018-10-15

CVE-2007-6197

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions BEA AquaLogic Interaction versions 5.0.2 through 5.0.4 BEA AquaLogic Interaction version 6.0.1.218452

Description The issue allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page in the Plumtree portal.

Recommendations For BEA AquaLogic Interaction versions 5.0.2 through 5.0.4, consider removing sensitive comments from the HTML source of pages to prevent information disclosure. For BEA AquaLogic Interaction version 6.0.1.218452, consider removing sensitive comments from the HTML source of pages to prevent information disclosure.

Exploit

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2007-6197

Produtos afetados

Bea Aqualogic Interaction

PT-2007-7087 · Bea · Bea Aqualogic Interaction

CVE-2007-6197

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7