Search criteria
6 vulnerabilities found for aqualogic_interaction by bea
FKIE_CVE-2007-6198
Vulnerability from fkie_nvd - Published: 2007-12-01 06:46 - Updated: 2025-04-09 00:30
Severity ?
Summary
portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote attackers to enumerate valid usernames via the in_tx_fulltext parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bea | aqualogic_interaction | 5.0.2 | |
| bea | aqualogic_interaction | 5.0.3 | |
| bea | aqualogic_interaction | 5.0.4 | |
| bea | aqualogic_interaction | 6.0.1.218452 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bea:aqualogic_interaction:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "55CF2586-AA51-4B8F-B08F-CB93E61B7A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:aqualogic_interaction:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0B2A5F32-A22D-4279-9204-4359370EFA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:aqualogic_interaction:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3E0D34F4-C045-49EA-9858-6E8DA0756071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:aqualogic_interaction:6.0.1.218452:*:*:*:*:*:*:*",
"matchCriteriaId": "6609AAFA-EAA8-460C-BADB-2E175611CEDF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote attackers to enumerate valid usernames via the in_tx_fulltext parameter."
},
{
"lang": "es",
"value": "El elemento portal/server.pt en el portal Plumtree de BEA AquaLogic Interaction, desde la versi\u00f3n 5.0.2 a la 5.0.4, y la 6.0.1.218452, permite usar caracteres comod\u00edn (*) en b\u00fasquedas avanzadas para nombres de usuario, lo que permite que atacantes remotos obtengan listas de usuarios v\u00e1lidos usando el par\u00e1metro in_tx_fulltext."
}
],
"id": "CVE-2007-6198",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-12-01T06:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://procheckup.com/Vulnerability_PR06-11.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27840"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/484469/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/26620"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019004"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/4040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://procheckup.com/Vulnerability_PR06-11.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27840"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/484469/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/26620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4040"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-6197
Vulnerability from fkie_nvd - Published: 2007-12-01 06:46 - Updated: 2025-04-09 00:30
Severity ?
Summary
The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bea | aqualogic_interaction | 5.0.2 | |
| bea | aqualogic_interaction | 5.0.3 | |
| bea | aqualogic_interaction | 5.0.4 | |
| bea | aqualogic_interaction | 6.0.1.218452 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bea:aqualogic_interaction:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "55CF2586-AA51-4B8F-B08F-CB93E61B7A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:aqualogic_interaction:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0B2A5F32-A22D-4279-9204-4359370EFA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:aqualogic_interaction:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3E0D34F4-C045-49EA-9858-6E8DA0756071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:aqualogic_interaction:6.0.1.218452:*:*:*:*:*:*:*",
"matchCriteriaId": "6609AAFA-EAA8-460C-BADB-2E175611CEDF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page."
},
{
"lang": "es",
"value": "El portal Plumtree de BEA AquaLogic Interaction, de la versi\u00f3n 5.0.2 a la 5.0.4, y la 6.0.1.218452, permite que atacantes remotos obtengan n\u00fameros de versi\u00f3n y nombres de m\u00e1quinas internas, leyendo los comentarios en el c\u00f3digo HTML de cualquiera de sus p\u00e1ginas."
}
],
"id": "CVE-2007-6197",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-12-01T06:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://procheckup.com/Vulnerability_PR06-08.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://procheckup.com/Vulnerability_PR06-09.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27840"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/484467/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019005"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/4040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://procheckup.com/Vulnerability_PR06-08.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://procheckup.com/Vulnerability_PR06-09.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27840"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/484467/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4040"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2007-6198 (GCVE-0-2007-6198)
Vulnerability from cvelistv5 – Published: 2007-12-01 01:00 – Updated: 2024-08-07 15:54
VLAI?
Summary
portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote attackers to enumerate valid usernames via the in_tx_fulltext parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:27.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://procheckup.com/Vulnerability_PR06-11.php"
},
{
"name": "20071201 PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484469/100/0/threaded"
},
{
"name": "26620",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26620"
},
{
"name": "ADV-2007-4040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4040"
},
{
"name": "1019004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019004"
},
{
"name": "27840",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27840"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote attackers to enumerate valid usernames via the in_tx_fulltext parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://procheckup.com/Vulnerability_PR06-11.php"
},
{
"name": "20071201 PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484469/100/0/threaded"
},
{
"name": "26620",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26620"
},
{
"name": "ADV-2007-4040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4040"
},
{
"name": "1019004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019004"
},
{
"name": "27840",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27840"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote attackers to enumerate valid usernames via the in_tx_fulltext parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://procheckup.com/Vulnerability_PR06-11.php",
"refsource": "MISC",
"url": "http://procheckup.com/Vulnerability_PR06-11.php"
},
{
"name": "20071201 PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484469/100/0/threaded"
},
{
"name": "26620",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26620"
},
{
"name": "ADV-2007-4040",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4040"
},
{
"name": "1019004",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019004"
},
{
"name": "27840",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27840"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6198",
"datePublished": "2007-12-01T01:00:00",
"dateReserved": "2007-11-30T00:00:00",
"dateUpdated": "2024-08-07T15:54:27.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6197 (GCVE-0-2007-6197)
Vulnerability from cvelistv5 – Published: 2007-12-01 01:00 – Updated: 2024-08-07 15:54
VLAI?
Summary
The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:27.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://procheckup.com/Vulnerability_PR06-08.php"
},
{
"name": "1019005",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019005"
},
{
"name": "ADV-2007-4040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4040"
},
{
"name": "20071201 PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484467/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://procheckup.com/Vulnerability_PR06-09.php"
},
{
"name": "27840",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27840"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://procheckup.com/Vulnerability_PR06-08.php"
},
{
"name": "1019005",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019005"
},
{
"name": "ADV-2007-4040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4040"
},
{
"name": "20071201 PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484467/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://procheckup.com/Vulnerability_PR06-09.php"
},
{
"name": "27840",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27840"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://procheckup.com/Vulnerability_PR06-08.php",
"refsource": "MISC",
"url": "http://procheckup.com/Vulnerability_PR06-08.php"
},
{
"name": "1019005",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019005"
},
{
"name": "ADV-2007-4040",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4040"
},
{
"name": "20071201 PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484467/100/0/threaded"
},
{
"name": "http://procheckup.com/Vulnerability_PR06-09.php",
"refsource": "MISC",
"url": "http://procheckup.com/Vulnerability_PR06-09.php"
},
{
"name": "27840",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27840"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6197",
"datePublished": "2007-12-01T01:00:00",
"dateReserved": "2007-11-30T00:00:00",
"dateUpdated": "2024-08-07T15:54:27.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6198 (GCVE-0-2007-6198)
Vulnerability from nvd – Published: 2007-12-01 01:00 – Updated: 2024-08-07 15:54
VLAI?
Summary
portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote attackers to enumerate valid usernames via the in_tx_fulltext parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:27.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://procheckup.com/Vulnerability_PR06-11.php"
},
{
"name": "20071201 PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484469/100/0/threaded"
},
{
"name": "26620",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26620"
},
{
"name": "ADV-2007-4040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4040"
},
{
"name": "1019004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019004"
},
{
"name": "27840",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27840"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote attackers to enumerate valid usernames via the in_tx_fulltext parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://procheckup.com/Vulnerability_PR06-11.php"
},
{
"name": "20071201 PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484469/100/0/threaded"
},
{
"name": "26620",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26620"
},
{
"name": "ADV-2007-4040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4040"
},
{
"name": "1019004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019004"
},
{
"name": "27840",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27840"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote attackers to enumerate valid usernames via the in_tx_fulltext parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://procheckup.com/Vulnerability_PR06-11.php",
"refsource": "MISC",
"url": "http://procheckup.com/Vulnerability_PR06-11.php"
},
{
"name": "20071201 PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484469/100/0/threaded"
},
{
"name": "26620",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26620"
},
{
"name": "ADV-2007-4040",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4040"
},
{
"name": "1019004",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019004"
},
{
"name": "27840",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27840"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6198",
"datePublished": "2007-12-01T01:00:00",
"dateReserved": "2007-11-30T00:00:00",
"dateUpdated": "2024-08-07T15:54:27.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6197 (GCVE-0-2007-6197)
Vulnerability from nvd – Published: 2007-12-01 01:00 – Updated: 2024-08-07 15:54
VLAI?
Summary
The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:27.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://procheckup.com/Vulnerability_PR06-08.php"
},
{
"name": "1019005",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019005"
},
{
"name": "ADV-2007-4040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4040"
},
{
"name": "20071201 PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484467/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://procheckup.com/Vulnerability_PR06-09.php"
},
{
"name": "27840",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27840"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://procheckup.com/Vulnerability_PR06-08.php"
},
{
"name": "1019005",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019005"
},
{
"name": "ADV-2007-4040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4040"
},
{
"name": "20071201 PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484467/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://procheckup.com/Vulnerability_PR06-09.php"
},
{
"name": "27840",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27840"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://procheckup.com/Vulnerability_PR06-08.php",
"refsource": "MISC",
"url": "http://procheckup.com/Vulnerability_PR06-08.php"
},
{
"name": "1019005",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019005"
},
{
"name": "ADV-2007-4040",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4040"
},
{
"name": "20071201 PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484467/100/0/threaded"
},
{
"name": "http://procheckup.com/Vulnerability_PR06-09.php",
"refsource": "MISC",
"url": "http://procheckup.com/Vulnerability_PR06-09.php"
},
{
"name": "27840",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27840"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6197",
"datePublished": "2007-12-01T01:00:00",
"dateReserved": "2007-11-30T00:00:00",
"dateUpdated": "2024-08-07T15:54:27.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}