CVE-2003-0405

Name of the Vulnerable Software and Affected Versions: Vignette StoryServer version 5 Vignette V/6

Description: The issue allows remote attackers to execute arbitrary TCL code. This can be achieved via an HTTP query or cookie that is processed in the NEEDS command, or an HTTP Referrer that is processed in the VALID PATHS command.

Recommendations: For Vignette StoryServer version 5, consider restricting access to the NEEDS command and validating all HTTP queries and cookies to prevent arbitrary TCL code execution. For Vignette V/6, restrict access to the VALID PATHS command and validate all HTTP Referrers to minimize the risk of exploitation.