Description
The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page.
References (6)
Core 6
Core References
Exploit x_refsource_misc
http://procheckup.com/Vulnerability_PR06-08.php
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019005
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4040
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/484467/100/0/threaded
Exploit x_refsource_misc
http://procheckup.com/Vulnerability_PR06-09.php
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27840
Scores
EPSS
0.0060
EPSS Percentile
69.6%
Details
CWE
CWE-200
Status
published
Products (4)
bea/aqualogic_interaction
5.0.2
bea/aqualogic_interaction
5.0.3
bea/aqualogic_interaction
5.0.4
bea/aqualogic_interaction
6.0.1.218452
Published
Dec 01, 2007
Tracked Since
Feb 18, 2026