ID CVE-2004-0917 Type cve Reporter cve@mitre.org Modified 2017-07-11T01:30:00
Description
The default installation of Vignette Application Portal installs the diagnostic utility without authentication requirements, which allows remote attackers to gain sensitive information, such as server and OS version, and conduct unauthorized activities via an HTTP request to /diag.
{"securityvulns": [{"lastseen": "2018-08-31T11:10:10", "bulletinFamily": "software", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n @stake, Inc.\r\n www.atstake.com\r\n\r\n Security Advisory\r\n\r\nAdvisory Name: Vignette Application Portal Unauthenticated\r\n Diagnostics\r\n Release Date: 09-28-2004\r\n Application: Vignette Application Portal\r\n Platform: Multiple\r\n Severity: Unauthenticated diagnostic functionality and\r\n information disclosure\r\n Author: Cory Scott <cscott@atstake.com>\r\nVendor Status: Vendor has published remediation advice \r\nCVE Candidate: CAN-2004-0917\r\n Reference: www.atstake.com/research/advisories/2004/a092804-1.txt\r\n\r\n\r\nOverview:\r\n\r\nVignette Application Portal is a portal framework that runs on a\r\nvariety of application servers and platforms. As part of the\r\ndeployed framework, there is a diagnostic utility that discloses\r\nsignificant detail on the configuration of the application server,\r\noperating system, and Vignette application. The diagnostic utility,\r\nwhich is installed by default, exposes details such as application\r\nserver and operating system version, database connection parameters,\r\nand bean IDs that are used for access to Vignette portal resources.\r\n\r\nIn the default installation of the Vignette software, the utility is\r\nnot secured against anonymous and unauthenticated access. Since\r\nmany portal deployments are on the Internet or exposed to untrusted\r\nnetworks, this results in an information disclosure vulnerability.\r\n\r\nVignette documentation does not give deployment advice to either\r\nalert administrators to the diagnostic utility's exposure or to\r\nrestrict access to the utility. In addition, the utility performs\r\na set of diagnostic checks that results in system load and outbound\r\nnetwork connections to test portal functionality.\r\n \r\n\r\nDetails:\r\n\r\nTo access the diagnostic utility, a user makes a web request to\r\n<sitename>/portal/diag/\r\n\r\n\r\nVendor Response:\r\n\r\nAfter notification by @stake, Vignette published a knowledge base\r\narticle (KB 6947) with remediation advice. It is accessible by\r\nVignette customers only. \r\n\r\n\r\nRecommendation:\r\n\r\nRestrict access to the diag directory on the web server or\r\napplication server. Ultimately, it would make sense for Vignette\r\nto authenticate user requests to the diagnostic utility and\r\nimplement access control.\r\n\r\n\r\nCommon Vulnerabilities and Exposures (CVE) Information:\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned \r\nthe following names to these issues. These are candidates for \r\ninclusion in the CVE list (http://cve.mitre.org), which standardizes \r\nnames for security problems.\r\n\r\n CAN-2004-0917 Vignette Application Portal Unauthenticated\r\n Diagnostics\r\n\r\n@stake Vulnerability Reporting Policy: \r\nhttp://www.atstake.com/research/policy/\r\n\r\n@stake Advisory Archive:\r\nhttp://www.atstake.com/research/advisories/\r\n\r\nPGP Key:\r\nhttp://www.atstake.com/research/pgp_key.asc\r\n\r\nCopyright 2004 @stake, Inc. All rights reserved.\r\n\r\n\r\n\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: PGP 8.0.3\r\n\r\niQA/AwUBQVlzF0e9kNIfAm4yEQLJjwCcDEFnnacQTF/IOQJTFm3jNZqx4d4AnRZa\r\nW5HemU39ASDoyjnwrbmTQmvU\r\n=ZeJY\r\n-----END PGP SIGNATURE-----", "modified": "2004-09-30T00:00:00", "published": "2004-09-30T00:00:00", "id": "SECURITYVULNS:DOC:6885", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6885", "title": "[VulnWatch] Vignette Application Portal Unauthenticate Diagnostics", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:05", "bulletinFamily": "software", "description": "## Vulnerability Description\nVignette Application Portal Diagnostic Utility contains a flaw of by default it is accessible to anyone that may lead to an unauthorized information disclosure. The issue is triggered when a user makes a certain web request, which will disclose application server and OS versions, database connection parameters, and bean IDs used for accessing portal resources, resulting in a loss of confidentiality.\n## Solution Description\nCurrently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Restrict access to the diag directory on the web server or application server.\n## Short Description\nVignette Application Portal Diagnostic Utility contains a flaw of by default it is accessible to anyone that may lead to an unauthorized information disclosure. The issue is triggered when a user makes a certain web request, which will disclose application server and OS versions, database connection parameters, and bean IDs used for accessing portal resources, resulting in a loss of confidentiality.\n## References:\nVendor URL: http://www.vignette.com/\nSecurity Tracker: 1011447\n[Secunia Advisory ID:12676](https://secuniaresearch.flexerasoftware.com/advisories/12676/)\nOther Advisory URL: http://www.atstake.com/research/advisories/2004/a092804-1.txt\nISS X-Force ID: 17530\n[CVE-2004-0917](https://vulners.com/cve/CVE-2004-0917)\nBugtraq ID: 11267\n", "modified": "2004-09-28T00:00:00", "published": "2004-09-28T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:10405", "id": "OSVDB:10405", "type": "osvdb", "title": "Vignette Application Portal Diagnostic Utility Information Disclosure", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2019-02-21T01:08:07", "bulletinFamily": "scanner", "description": "The remote host is running Vignette Application Portal, a commercially available portal suite.\n\nThere is an information disclosure vulnerability in the remote version of this software. An attacker can request the diagnostic utility which will disclose information about the remote site by requesting /portal/diag/.", "modified": "2018-08-06T00:00:00", "id": "VIGNETTE_DIAG_DISCLOSURE.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=14847", "published": "2004-09-29T00:00:00", "title": "Vignette Application Portal Diagnostic Utility Information Disclosure", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security\n#\n\n# Thanks to Cory Scott from @stake for his help during the \n# writing of this plugin\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(14847);\n script_version(\"1.11\");\n script_cve_id(\"CVE-2004-0917\");\n script_bugtraq_id(11267);\n \n script_name(english:\"Vignette Application Portal Diagnostic Utility Information Disclosure\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application that is affected by an \ninformation disclosure vulnerability.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Vignette Application Portal, a \ncommercially available portal suite.\n\nThere is an information disclosure vulnerability in the \nremote version of this software. An attacker can request the \ndiagnostic utility which will disclose information about the \nremote site by requesting /portal/diag/.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Restrict access to the diag directory.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/09/28\");\n script_cvs_date(\"Date: 2018/08/06 14:03:14\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n \n summary[\"english\"] = \"Request /portal/diag\"; \n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CGI abuses\");\n script_dependencie(\"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80);\n\ndirs = get_kb_list(string(\"www/\", port, \"/content/directories\"));\nif(isnull(dirs)) dirs = make_list(\"\");\nelse dirs = make_list(dirs);\n\n\nforeach dir (dirs)\n{\n res = http_send_recv3(method:\"GET\", item:string(dir , \"/portal/diag/index.jsp\"), port:port);\n if( isnull(res) ) exit(1,\"Null response to index.jsp request.\");\n if(\"Vignette Application Portal Diagnostic Report\" >< res[2])\n {\n security_warning(port);\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}
