Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2007-6198
Last Modified 07 Mar 2011 10:02:08
Published 01 Dec 2007 01:46:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6198

Summary

portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote attackers to enumerate valid usernames via the in_tx_fulltext parameter.

Vulnerable Systems

Application

  • BEA AquaLogic Interaction 5.0.2
  • BEA AquaLogic Interaction 5.0.3
  • BEA AquaLogic Interaction 5.0.4
  • BEA AquaLogic Interaction 6.0.1.218452


References

SECUNIA - 27840

VUPEN - ADV-2007-4040

SECTRACK - 1019004

BID - 26620

MISC - http://procheckup.com/Vulnerability_PR06-11.php

BUGTRAQ - 20071201 PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users


Last Updated: 27 May 2016 10:46:24