PT-2008-2518 · Oracle · Bea Plumtree Collaboration+1

Published: 2008-02-22 · Updated: 2011-03-08 · CVE-2008-0904

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

BEA Plumtree Collaboration versions 4.1 through 4.1 SP2
AquaLogic Interaction versions 4.2 through 4.2 MP1

Description

The issue allows remote attackers to read arbitrary files via a crafted URL, specifically targeting the download servlet.

Recommendations

For BEA Plumtree Collaboration versions 4.1 through 4.1 SP2, consider restricting access to the download servlet until a fix is available.
For AquaLogic Interaction versions 4.2 through 4.2 MP1, restrict access to the download servlet to minimize the risk of exploitation.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2008-0904

Affected Products

Bea Aqualogic Interaction
Bea Plumtree Collaboration