Fwd: PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability

To: Bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Fwd: PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability
From: imipak <imipak@xxxxxxxxx>
Date: Mon, 3 Dec 2007 19:10:38 +0000
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=WaAsZ6axX4JPDkPiBuX/qJFfNfCfZA8o7QYg7tSKPvo=; b=Q6uPHEBkSx2gxd+86NKDCKbBLOrCOscGRJ3b7NIc5cu2HbBo1xf/L/YTdWkgMmE7F6L04LYTRscyJYjVAljpbKQWUCoM5VZiFlY0UkeBsEUk5+avvWCQGOcjsjuR4IQa/zcsx7ByCp8eq2aPLb7cFW7iNFdOO/LifwfSSCynZJo=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=LlhudcQP2CjJhGSdB96GPVHbrTvKW4eM8p6ESroWTNy9ppVdC0EhZYnt/LIDawZuF+MgEXGdItMDsh7Nfp62F5B5b0L9Q/EqrxKHFxfcODJ9Zgtku3eJ50Y2xTAAqBLGSE2FC0P63CzVjNbCK0tzt1aCnqXyueIY8bfRH3mhgwo=
In-reply-to: <a3a7d6660712031110q4281e50ep991d86201f2d1062@xxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20071201210434.23290.qmail@xxxxxxxxxxxxxxxxx> <7796947a0712030826m5eed3f5eh1e213005b48fd004@xxxxxxxxxxxxxx> <a3a7d6660712031110q4281e50ep991d86201f2d1062@xxxxxxxxxxxxxx>

On Dec 3, 2007 4:26 PM, guiness.stout <guinness.stout@xxxxxxxxx> wrote:
>
> On 1 Dec 2007 21:04:34 -0000, <research@xxxxxxxxxxxxxx> wrote:
> > PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability
> >
> I have verified this as well as PR06-09 and PR06-11 in version 6.1.0.240495.
>


Version 5.x is also vulnerable to all three issues.


=i



-- 
And what exactly is a dream?
And what exactly is a joke?
                                            - Syd Barrett

References:
- PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability
  - From: research
- Re: PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability
  - From: guiness.stout

Prev by Date: Re: PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability
Next by Date: SYMSA-2007-014: SQL Injection Vulnerability in Beehive Forum Software
Previous by thread: Re: PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability
Next by thread: [SECURITY] [DSA 1417-1] New asterisk packages fix SQL injection
Index(es):
- Date
- Thread