Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:INFO-LEAK:VIGNETTE-LEAK-2

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Vignette Story Server Script Information Disclosure

Release Date

 2003/09/04

Update Number

 1213

Supported Platforms

 di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Vignette Story Server Script Information Disclosure


This signature detects remote access to Vignette utilities, which include tools for debugging managed sites. Attackers can use these tools to gather information about the system and plan future, more targeted attacks.

Extended Description

It has been reported that some Vignette products install several templates, including the style template, in the /vgn directory. Because of this, it may be possible for a remote attacker to gain access to potentially sensitive information. ** The vendor has stated that on a live CDS, the affected template will not dump any information. Rather, the template will return a HTTP error 404 or show a blank page.

Affected Products

  • Vignette Content Suite V5
  • Vignette Content Suite V7
  • Vignette StoryServer 4.0.0
  • Vignette StoryServer 4.1.0
  • Vignette StoryServer 5.0.0
  • Vignette V6 Content Suite
  • Vignette V/5

References

  • BugTraq: 7688
  • CVE: CVE-2003-0401
  • URL: http://marc.theaimsgroup.com/?l=bugtraq&m=105405793324661&w=2
  • URL: http://www.cgisecurity.com/archive/misc/Vignette-style-internal-info-leak.txt

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out