HTTP: Vignette Application Portal Unauthenticated Diagnostics Page Access
This signature detects attempts to access the diagnostic utility supplied with the Vignette Application server. Because the utility does not use access controls, attackers (or any client) can connect to the utility and access sensitive configuration information.
Extended Description
Vignette Application Portal is affected by a remote information disclosure vulnerability. This issue is due to a design error that facilitates unauthorized access to sensitive information. An attacker can leverage this issue to reveal sensitive information such as operating system version, application version, database connection parameters, and various other application portal related setting details.
Affected Products
Vignette application_portal
Short Name
HTTP:INFO-LEAK:VIGNETTE-DIAG
Severity
Warning
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Access Application CVE-2004-0917 Diagnostics Page Portal Unauthenticated Vignette bid:11267
Release Date
10/14/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Rarely
Vendors
Vignette
CVSS Score
5.0