Code injection

2007-12-0106:46:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.0%

JSON

The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page.

CPENameOperatorVersion
aqualogic_interactioneq6.0.1.218452
aqualogic_interactioneq5.0.2
aqualogic_interactioneq5.0.3
aqualogic_interactioneq5.0.4

Name	Operator	Version
aqualogic_interaction	eq	6.0.1.218452
aqualogic_interaction	eq	5.0.2
aqualogic_interaction	eq	5.0.3
aqualogic_interaction	eq	5.0.4

References

procheckup.com/Vulnerability_PR06-08.php

procheckup.com/Vulnerability_PR06-09.php

secunia.com/advisories/27840

www.securityfocus.com/archive/1/484467/100/0/threaded

www.securitytracker.com/id?1019005

www.vupen.com/english/advisories/2007/4040