1. CVE-Search
  2. CVE-2003-0405
ID CVE-2003-0405
Summary Vignette StoryServer 5 and Vignette V/6 allows remote attackers to execute arbitrary TCL code via (1) an HTTP query or cookie which is processed in the NEEDS command, or (2) an HTTP Referrer that is processed in the VALID_PATHS command.
References
Vulnerable Configurations
  • cpe:2.3:a:vignette:content_suite:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:vignette:content_suite:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vignette:content_suite:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:vignette:content_suite:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vignette:content_suite:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vignette:content_suite:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vignette:content_suite:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:vignette:content_suite:6.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vignette:content_suite:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:vignette:content_suite:6.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vignette:storyserver:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:vignette:storyserver:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vignette:vignette:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:vignette:vignette:5.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 18-10-2016 - 02:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid
  • 7690
  • 7692
bugtraq 20030526 S21SEC-024 - Vignette TCL Injection
misc http://www.s21sec.com/es/avisos/s21sec-024-en.txt
xf vignette-tcl-code-execution(12070)
Last major update 18-10-2016 - 02:33
Published 30-06-2003 - 04:00
Last modified 18-10-2016 - 02:33
Back to Top