CVE-2004-0917

Name of the Vulnerable Software and Affected Versions: Vignette Application Portal (affected versions not specified)

Description: The issue concerns the default installation of the software, where the diagnostic utility is installed without authentication requirements. This allows remote attackers to gain sensitive information, such as server and OS version, and conduct unauthorized activities via an HTTP request to "/diag".

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.