PT-2007-7087 · Bea · Bea Aqualogic Interaction

Published

2007-12-01

Updated

2018-10-15

CVE-2007-6197

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions BEA AquaLogic Interaction versions 5.0.2 through 5.0.4 BEA AquaLogic Interaction version 6.0.1.218452

Description The issue allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page in the Plumtree portal.

Recommendations For BEA AquaLogic Interaction versions 5.0.2 through 5.0.4, consider removing sensitive comments from the HTML source of pages to prevent information disclosure. For BEA AquaLogic Interaction version 6.0.1.218452, consider removing sensitive comments from the HTML source of pages to prevent information disclosure.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2007-6197

Affected Products

Bea Aqualogic Interaction

PT-2007-7087 · Bea · Bea Aqualogic Interaction

CVE-2007-6197

Weakness Enumeration

Related Identifiers

Affected Products

References · 7