Lucene search

[email protected]CVE-2003-0398

HistoryJul 02, 2003 - 4:00 a.m.

CVE-2003-0398

2003-07-0204:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2003-0398

vignette

storyserver

v/5

v/6

ssi exec

code execution

remote attack

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

87.9%

JSON

Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI EXEC feature enabled, allows remote attackers to execute arbitrary code via a text variable to a Vignette Application that is later displayed.

CPENameOperatorVersion
vignette:storyservervignette storyservereq4.0
vignette:vignettevignetteeq5.0
vignette:storyservervignette storyservereq5.0
vignette:content_suitevignette content suiteeq6.0
vignette:content_suitevignette content suiteeq7.0
vignette:storyservervignette storyservereq4.1

CPE	Name	Operator	Version
vignette:storyserver	vignette storyserver	eq	4.0
vignette:vignette	vignette	eq	5.0
vignette:storyserver	vignette storyserver	eq	5.0
vignette:content_suite	vignette content suite	eq	6.0
vignette:content_suite	vignette content suite	eq	7.0
vignette:storyserver	vignette storyserver	eq	4.1

References

marc.info/?l=bugtraq&m=105405734223874&w=2

www.iss.net/security_center/static/12077.php

www.s21sec.com/es/avisos/s21sec-016-en.txt

www.securityfocus.com/bid/7685

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

87.9%

JSON

Related for CVE-2003-0398

nessus1