Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:INFO-LEAK:VIGNETTE-DIAG

Severity

 Low

Recommended

 No

Category

 HTTP

Keywords

 Vignette Application Portal Unauthenticated Diagnostics Page Access

Release Date

 2004/10/13

Update Number

 1213

Supported Platforms

 di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Vignette Application Portal Unauthenticated Diagnostics Page Access


This signature detects attempts to access the diagnostic utility supplied with the Vignette Application server. Because the utility does not use access controls, attackers (or any client) can connect to the utility and access sensitive configuration information.

Extended Description

Vignette Application Portal is affected by a remote information disclosure vulnerability. This issue is due to a design error that facilitates unauthorized access to sensitive information. An attacker can leverage this issue to reveal sensitive information such as operating system version, application version, database connection parameters, and various other application portal related setting details.

Affected Products

  • Vignette Application Portal

References

  • BugTraq: 11267
  • CVE: CVE-2004-0917
  • URL: http://www.juniper.net/security/auto/vulnerabilities/vuln2350.html
  • URL: http://securitytracker.com/alerts/2004/Sep/1011447.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out