Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0917

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-0917
Last Modified 05 Sep 2008 04:39:46
Published 27 Jan 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0917

Summary

The default installation of Vignette Application Portal installs the diagnostic utility without authentication requirements, which allows remote attackers to gain sensitive information, such as server and OS version, and conduct unauthorized activities via an HTTP request to /diag.

Vulnerable Systems

Application

  • Vignette Application Portal


References

XF - vignette-diagnostic-obtain-info(17530)

BID - 11267

ATSTAKE - A092804-1

SECTRACK - 1011447


Last Updated: 27 May 2016 10:38:48