HTTP: Vignette Story Server Sensitive Information Disclosure

This signature detects attempts to exploit a known vulnerability in Vignette Story Server. Vignette Story Server versions 4.1 and 6 are vulnerable. Attackers can expose information about user sessions, server-side code, and other sensitive information.

Extended Description

It has been reported that Vignette StoryServer may, under some circumstances, reveal stack memory content. If a specially crafted request is made for a page that accepts user-supplied data, an error state may be triggered. If the attack is successful, a dump of the current stack contents is returned to the attacker's browser within an error message. The information gathered in this way may be used to mount further attacks against the system.

Affected Products

Vignette vignette

Short Name
HTTP:INFO-LEAK:VIGNETTE-LEAK
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2002-0385 Disclosure Information Sensitive Server Story Vignette bid:7296
Release Date
06/18/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Vignette

CVSS Score

5.0
