Short Name |
HTTP:INFO-LEAK:VIGNETTE-LEAK-2 |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Vignette Story Server Script Information Disclosure |
Release Date |
2003/09/04 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects remote access to Vignette utilities, which include tools for debugging managed sites. Attackers can use these tools to gather information about the system and plan future, more targeted attacks.
It has been reported that some Vignette products install several templates, including the style template, in the /vgn directory. Because of this, it may be possible for a remote attacker to gain access to potentially sensitive information. ** The vendor has stated that on a live CDS, the affected template will not dump any information. Rather, the template will return a HTTP error 404 or show a blank page.