Vignette 4.x/5.0 Memory Disclosure Vulnerability

ID EDB-ID:22646
Type exploitdb
Reporter S21Sec
Modified 2003-05-26T00:00:00


Vignette 4.x/5.0 Memory Disclosure Vulnerability. CVE-2003-0400. Remote exploit for unix platform


Vignette is prone to an issue which may expose the contents of memory to remote attackers. This condition is due to a flaw in how StoryServer calculates the size of certain characters in URI variables, which may cause data from adjacent memory to be returned to the remote attacker in the response.

This issue was reported for Vignette on IBM AIX. Other platforms may also be affected, though this has not been confirmed. The issue affects some of the default templates provided with Vignette.,501,,00.html?cookieName=x--\>