{"api_version":"1","generated_at":"2026-04-23T08:38:31+00:00","cve":"CVE-2007-6197","urls":{"html":"https://cve.report/CVE-2007-6197","api":"https://cve.report/api/cve/CVE-2007-6197.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-6197","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-6197"},"summary":{"title":"CVE-2007-6197","description":"The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page.","state":"PUBLISHED","assigner":"mitre","published_at":"2007-12-01 06:46:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-200","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://procheckup.com/Vulnerability_PR06-09.php","name":"http://procheckup.com/Vulnerability_PR06-09.php","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"ProCheckUp - Security Vulnerabilities 2007","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/advisories/27840","name":"http://secunia.com/advisories/27840","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"BEA AquaLogic Interaction Plumtree Portal Information Disclosure - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/4040","name":"http://www.vupen.com/english/advisories/2007/4040","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail - OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1019005","name":"http://www.securitytracker.com/id?1019005","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"BEA Plumtree Portal Discloses Internal Hostname and Product Version Number to Remote Users - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/484467/100/0/threaded","name":"http://www.securityfocus.com/archive/1/484467/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://procheckup.com/Vulnerability_PR06-08.php","name":"http://procheckup.com/Vulnerability_PR06-08.php","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"ProCheckUp - Security Vulnerabilities 2007","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-6197","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-6197","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"6197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"aqualogic_interaction","cpe6":"5.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"6197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"aqualogic_interaction","cpe6":"5.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"6197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"aqualogic_interaction","cpe6":"5.0.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"6197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"aqualogic_interaction","cpe6":"6.0.1.218452","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T15:54:27.111Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"http://procheckup.com/Vulnerability_PR06-08.php"},{"name":"1019005","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1019005"},{"name":"ADV-2007-4040","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/4040"},{"name":"20071201 PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/484467/100/0/threaded"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://procheckup.com/Vulnerability_PR06-09.php"},{"name":"27840","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/27840"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-11-28T00:00:00.000Z","descriptions":[{"lang":"en","value":"The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-15T20:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_MISC"],"url":"http://procheckup.com/Vulnerability_PR06-08.php"},{"name":"1019005","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1019005"},{"name":"ADV-2007-4040","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/4040"},{"name":"20071201 PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/484467/100/0/threaded"},{"tags":["x_refsource_MISC"],"url":"http://procheckup.com/Vulnerability_PR06-09.php"},{"name":"27840","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/27840"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-6197","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://procheckup.com/Vulnerability_PR06-08.php","refsource":"MISC","url":"http://procheckup.com/Vulnerability_PR06-08.php"},{"name":"1019005","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1019005"},{"name":"ADV-2007-4040","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/4040"},{"name":"20071201 PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/484467/100/0/threaded"},{"name":"http://procheckup.com/Vulnerability_PR06-09.php","refsource":"MISC","url":"http://procheckup.com/Vulnerability_PR06-09.php"},{"name":"27840","refsource":"SECUNIA","url":"http://secunia.com/advisories/27840"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-6197","datePublished":"2007-12-01T01:00:00.000Z","dateReserved":"2007-11-30T00:00:00.000Z","dateUpdated":"2024-08-07T15:54:27.111Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-12-01 06:46:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-200","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bea:aqualogic_interaction:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"55CF2586-AA51-4B8F-B08F-CB93E61B7A7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:aqualogic_interaction:5.0.3:*:*:*:*:*:*:*","matchCriteriaId":"0B2A5F32-A22D-4279-9204-4359370EFA53"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:aqualogic_interaction:5.0.4:*:*:*:*:*:*:*","matchCriteriaId":"3E0D34F4-C045-49EA-9858-6E8DA0756071"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:aqualogic_interaction:6.0.1.218452:*:*:*:*:*:*:*","matchCriteriaId":"6609AAFA-EAA8-460C-BADB-2E175611CEDF"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"6197","Ordinal":"1","Title":"CVE-2007-6197","CVE":"CVE-2007-6197","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"6197","Ordinal":"1","NoteData":"The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page.","Type":"Description","Title":"CVE-2007-6197"},{"CveYear":"2007","CveId":"6197","Ordinal":"2","NoteData":"2007-11-30","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"6197","Ordinal":"3","NoteData":"2018-10-15","Type":"Other","Title":"Modified"}]}}}