PT-2003-1596 · Vignette · Vignette V/6+1

Ramon Pinuaga Cascales

Published

2003-06-11

Updated

2016-10-18

CVE-2003-0405

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Vignette StoryServer version 5 Vignette V/6

Description: The issue allows remote attackers to execute arbitrary TCL code. This can be achieved via an HTTP query or cookie that is processed in the NEEDS command, or an HTTP Referrer that is processed in the VALID PATHS command.

Recommendations: For Vignette StoryServer version 5, consider restricting access to the NEEDS command and validating all HTTP queries and cookies to prevent arbitrary TCL code execution. For Vignette V/6, restrict access to the VALID PATHS command and validate all HTTP Referrers to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2003-0405

Affected Products

Vignette Storyserver

Vignette V/6

PT-2003-1596 · Vignette · Vignette V/6+1

CVE-2003-0405

Related Identifiers

Affected Products

References · 6