Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0917


Vulnerability Score 5.0 5.0
CVE Id CVE-2004-0917
Last Modified 05 Sep 2008 04:39:46
Published 27 Jan 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



The default installation of Vignette Application Portal installs the diagnostic utility without authentication requirements, which allows remote attackers to gain sensitive information, such as server and OS version, and conduct unauthorized activities via an HTTP request to /diag.

Vulnerable Systems


  • Vignette Application Portal


XF - vignette-diagnostic-obtain-info(17530)

BID - 11267

ATSTAKE - A092804-1

SECTRACK - 1011447

Last Updated: 27 May 2016 10:38:48