HTTP: Vignette Story Server Script Information Disclosure
This signature detects remote access to Vignette utilities, which include tools for debugging managed sites. Attackers can use these tools to gather information about the system and plan future, more targeted attacks.
Extended Description
It has been reported that some Vignette products install several templates, including the style template, in the /vgn directory. Because of this, it may be possible for a remote attacker to gain access to potentially sensitive information. ** The vendor has stated that on a live CDS, the affected template will not dump any information. Rather, the template will return a HTTP error 404 or show a blank page.
Affected Products
Vignette vignette
Short Name
HTTP:INFO-LEAK:VIGNETTE-LEAK-2
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2003-0401 Disclosure Information Script Server Story Vignette bid:7688
Release Date
09/05/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Vignette
CVSS Score
5.0