ID CVE-2004-0917
Summary The default installation of Vignette Application Portal installs the diagnostic utility without authentication requirements, which allows remote attackers to gain sensitive information, such as server and OS version, and conduct unauthorized activities via an HTTP request to /diag.
References
Vulnerable Configurations
  • cpe:2.3:a:vignette:application_portal:*:*:*:*:*:*:*:*
    cpe:2.3:a:vignette:application_portal:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
atstake A092804-1
bid 11267
sectrack 1011447
xf vignette-diagnostic-obtain-info(17530)
Last major update 11-07-2017 - 01:30
Published 27-01-2005 - 05:00
Last modified 11-07-2017 - 01:30
Back to Top