CVE-2008-0904

Description

Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL.

Affected products

• bea_systems / aqualogic_interaction4.2 – 4.2
• bea_systems / aqualogic_interaction4.2_mp1 – 4.2_mp1
• bea_systems / plumtree_collaboration4.1 – 4.1
• bea_systems / plumtree_collaboration4.1_sp1 – 4.1_sp1
• bea_systems / plumtree_collaboration4.1_sp2 – 4.1_sp2

References

• MISChttp://www.securitytracker.com/id?1019437
• MISChttp://osvdb.org/41881
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2008/0607/references
• VENDOR_ADVISORYhttp://secunia.com/advisories/28991
• MISChttp://dev2dev.bea.com/pub/advisory/276