PT-2008-2518 · Oracle · Bea Plumtree Collaboration+1
Published 2008-02-22 · Updated 2011-03-08 · CVE-2008-0904
CVSS v2.0: 7.8 (High)
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
BEA Plumtree Collaboration versions 4.1 through 4.1 SP2
AquaLogic Interaction versions 4.2 through 4.2 MP1
Description
The download servlet allows remote attackers to read arbitrary files via a crafted URL.
Recommendations
For BEA Plumtree Collaboration versions 4.1 through 4.1 SP2, consider restricting access to the download servlet until a fix is available.
For AquaLogic Interaction versions 4.2 through 4.2 MP1, restrict access to the download servlet to minimize the risk of exploitation.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Bea Aqualogic Interaction
Bea Plumtree Collaboration