Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Web Server/CGI)  >   Plumtree Vendors:   BEA Systems
BEA Plumtree Portal Discloses Internal Hostname and Product Version Number to Remote Users
SecurityTracker Alert ID:  1019005
SecurityTracker URL:
CVE Reference:   CVE-2007-6197   (Links to External Site)
Updated:  Dec 3 2007
Original Entry Date:  Nov 28 2007
Impact:   Disclosure of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): Plumtree Foundation 6.0 through SP1, AquaLogic Interaction 6.1 through SP1
Description:   A vulnerability was reported in BEA Plumtree Portal. A remote user can determine the internal hostname and the version number.

The internal hostname of the server hosting the BEA Plumtree portal and the version and build date of the portal are included within HTML comments in every page served.

BEA Plumtree Foundation and BEA AquaLogic Interaction are affected.

The vendor was notified on May 18, 2007.

Adrian Pastor and Jan Fry from ProCheckUp Ltd. reported this vulnerability.

The original advisories are available at:

Impact:   A remote user can determine the internal hostname of the server and the product version number of the portal software.
Solution:   The vendor has described a configuration process to address these vulnerabilities in their advisories.

The BEA advisories are available at:

Vendor URL: (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Red Hat Enterprise), Linux (SuSE), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (2003)

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, LLC