Lucene search

K
cve[email protected]CVE-2004-0917
HistoryJan 27, 2005 - 5:00 a.m.

CVE-2004-0917

2005-01-2705:00:00
NVD-CWE-Other
web.nvd.nist.gov
28
vignette application portal
cve-2004-0917
remote attackers
information disclosure
unauthorized access
http request vulnerability

7.3 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.015 Low

EPSS

Percentile

86.5%

The default installation of Vignette Application Portal installs the diagnostic utility without authentication requirements, which allows remote attackers to gain sensitive information, such as server and OS version, and conduct unauthorized activities via an HTTP request to /diag.

7.3 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.015 Low

EPSS

Percentile

86.5%

Related for CVE-2004-0917