CVE-2008-0904

Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL.

Published: Feb 22, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-0904
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
bea_systems / plumtree_collaboration	4.1_sp2	4.1_sp2.x
bea_systems / aqualogic_interaction	4.2	4.2.x
bea_systems / plumtree_collaboration	4.1_sp1	4.1_sp1.x
bea_systems / plumtree_collaboration	4.1	4.1.x
bea_systems / aqualogic_interaction	4.2_mp1	4.2_mp1.x

http://dev2dev.bea.com/pub/advisory/276
http://osvdb.org/41881
http://secunia.com/advisories/28991
http://www.securitytracker.com/id?1019437
http://www.vupen.com/english/advisories/2008/0607/references

Vulnerability Database

CVE-2008-0904