
BEA Plumtree portal internal hostname disclosure vulnerability



PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability

Description:

BEA Plumtree portal is vulnerable to an internal hostname disclosure vulnerability.

The internal hostname of the server hosting BEA Plumtree portal is always included at the bottom of every requested HTML page within HTML comments.

Date Found: 12th September 2006

Vendor contacted: 18th May 2007

Vulnerable: BEA Plumtree 5.0.2, 5.0.3, 5.0.4, 6.0.1.218452 and possibly other versions.

Severity: Low

Authors: Adrian Pastor and Jan Fry from ProCheckUp Ltd (www.procheckup.com)

ProCheckUp thanks BEA for working with us.

Vendor Status: Confirmed

CVE Candidate: Not assigned

Proof of concept:

The following is an example of the internal hostname of the Plumtree server disclosed within HTML comments:

Consequences:

This information could be useful to a malicious user attempting to gain illegal access to resources on internal systems.

By following internal hostname naming conventions, an attacker could predict other internal hostnames as well. For instance, if Plumtree portal is running on a server with an internal hostname of websvr01, an attacker could predict other internal hostnames such as websvr01, websvr02, websvr03 and so on.

Fix:

This has been addressed in AquaLogic Interaction 6.1 MP1. This can also be addressed by making config changes in ALUI 6.x versions.

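A check for the leak described above, usable to confirm that the upgrade or config change removed it (added example, not part of the original advisory or any BEA code). The sample page, its comment format, the hostnames and the suffix list are constructed assumptions, and the check goes beyond hostnames to also flag private IP addresses and internal DNS suffixes found in HTML comments:

```python
import re
from html.parser import HTMLParser

class CommentCollector(HTMLParser):
    """Collects the text of every HTML comment in a page."""
    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(data)

# RFC 1918 private IPv4 ranges: 10/8, 172.16/12, 192.168/16.
PRIVATE_IP = re.compile(
    r"\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))(?:\.\d{1,3}){2}\b")
# Hostname-shaped tokens: letters, digits, dots and hyphens.
HOST_TOKEN = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?")

def find_leaks(html, internal_hosts, suffixes=(".local", ".internal", ".corp")):
    """Return sorted (kind, value) findings taken from HTML comments only.

    internal_hosts: the defender's own inventory of internal hostnames.
    suffixes: assumed internal DNS suffixes; adjust to the environment.
    """
    collector = CommentCollector()
    collector.feed(html)
    collector.close()
    known = {h.lower() for h in internal_hosts}
    findings = set()
    for comment in collector.comments:
        for token in HOST_TOKEN.findall(comment):
            name = token.lower()
            if name in known or name.split(".", 1)[0] in known:
                findings.add(("known-host", name))
            elif name.endswith(suffixes):
                findings.add(("internal-suffix", name))
        for ip in PRIVATE_IP.findall(comment):
            findings.add(("private-ip", ip))
    return sorted(findings)

# Constructed sample page; the real Plumtree comment format may differ.
SAMPLE_PAGE = """<html><body><p>Welcome</p>
<!-- served by websvr01 (10.20.30.40) -->
</body></html>"""

if __name__ == "__main__":
    for kind, value in find_leaks(SAMPLE_PAGE, ["websvr01", "websvr02"]):
        print(f"{kind}: {value}")
```
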
References:

http://www.procheckup.com/Vulnerability_2007.php
http://dev2dev.bea.com/pub/advisory/251
http://www.plumtree.com/
