CVE-2004-0917

Опубликовано: 27 янв. 2005

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

The default installation of Vignette Application Portal installs the diagnostic utility without authentication requirements, which allows remote attackers to gain sensitive information, such as server and OS version, and conduct unauthorized activities via an HTTP request to /diag.

Ссылки

http://securitytracker.com/id?1011447
http://www.atstake.com/research/advisories/2004/a092804-1.txt
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/11267
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17530
http://securitytracker.com/id?1011447
http://www.atstake.com/research/advisories/2004/a092804-1.txt
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/11267
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17530

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vignette:application_portal:*:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00618

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-cc4q-9gx5-5fg3

github

почти 4 года назад