CVE-2008-0904

BEA Plumtree Collaboration 4.1-SP2 & AquaLogic Interaction 4.2-MP1 - Arbitrary File Read via Download Servlet

Title source: llm
STIX 2.1

Description

Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019437
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/41881
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0607/references
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28991
Patch vendor-advisory x_refsource_bea
http://dev2dev.bea.com/pub/advisory/276

Scores

EPSS 0.0147
EPSS Percentile 70.7%

Details

CWE
CWE-200
Status published
Products (5)
bea_systems/aqualogic_interaction 4.2
bea_systems/aqualogic_interaction 4.2_mp1
bea_systems/plumtree_collaboration 4.1
bea_systems/plumtree_collaboration 4.1_sp1
bea_systems/plumtree_collaboration 4.1_sp2
Published Feb 22, 2008
Tracked Since Feb 18, 2026