Lucene search
HistoryJun 01, 2004 - 4:00 a.m.
CVE-2002-0385
cve-2002-0385
vignette story server
remote attack
sensitive information leak
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.1 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.8%
Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain sensitive information via a request that contains a large number of ‘"’ (double quote) and and ‘>’ characters, which causes the TCL interpreter to crash and include stack data in the output.
Affected configurations
Node
vignettestoryserverMatch4.1
ORvignettestoryserverMatch6.0
ORvignettevignetteMatch5.0
Related
nessus
nessus
Vignette StoryServer TCL Server Crash Information Disclosure
2003-04-08 00:00:00
securityvulns
securityvulns
Vignette Story Server sensitive information disclosure (a040703-1)
2003-04-08 00:00:00
nvd
nvd
CVE-2002-0385
2004-06-01 04:00:00
cvelist
cvelist
CVE-2002-0385
2004-04-16 04:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.1 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.8%
Related for CVE-2002-0385