Vulnerability CVE-2004-0917


Published: 2005-01-27   Modified: 2012-02-12

Description:
The default installation of Vignette Application Portal installs the diagnostic utility without authentication requirements, which allows remote attackers to gain sensitive information, such as server and OS version, and conduct unauthorized activities via an HTTP request to /diag.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software:
Vignette -> Application Portal

References:
http://xforce.iss.net/xforce/xfdb/17530
http://www.securityfocus.com/bid/11267
http://www.atstake.com/research/advisories/2004/a092804-1.txt
http://securitytracker.com/id?1011447
