Juniper Networks

Signature Detail

Short Name

HTTP:INFO-LEAK:VIGNETTE-LEAK

Severity

Medium

Recommended

No

Category

HTTP

Keywords

Vignette Story Server Sensitive Information Disclosure

Release Date

2003/06/18

Update Number

1213

Supported Platforms

di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Vignette Story Server Sensitive Information Disclosure


This signature detects attempts to exploit a known vulnerability in Vignette Story Server. Vignette Story Server versions 4.1 and 6 are vulnerable. Attackers can expose information about user sessions, server-side code, and other sensitive information.

Extended Description

It has been reported that Vignette StoryServer may, under some circumstances, reveal stack memory content. If a specially crafted request is made for a page that accepts user-supplied data, an error state may be triggered. If the attack is successful, a dump of the current stack contents is returned to the attacker's browser within an error message. The information gathered in this way may be used to mount further attacks against the system.

Affected Products

  • Vignette StoryServer 4.1.0
  • Vignette V/5

References

  • BugTraq: 7296
  • CVE: CVE-2002-0385
  • URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-0385
  • URL: http://www3.ca.com/securityadvisor/vulninfo/Vuln.aspx?ID=8297

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.