Vulnerabilities > CVE-2003-0400 - Unspecified vulnerability in Vignette Content Suite, Storyserver and Vignette
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN vignette
exploit available
Summary
Vignette StoryServer and Vignette V/5 does not properly calculate the size of text variables, which causes Vignette to return unauthorized portions of memory, as demonstrated using the "-->" string in a CookieName argument to the login template, referred to as a "memory leak" in some reports.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 6 |
Exploit-Db
description Vignette StoryServer 4.1 Sensitive Stack Memory Information Disclosure Vulnerability. CVE-2003-0400. Remote exploits for multiple platform id EDB-ID:22472 last seen 2016-02-02 modified 2003-04-07 published 2003-04-07 reporter @stake source https://www.exploit-db.com/download/22472/ title Vignette StoryServer 4.1 Sensitive Stack Memory Information Disclosure Vulnerability description Vignette 4.x/5.0 Memory Disclosure Vulnerability. CVE-2003-0400. Remote exploit for unix platform id EDB-ID:22646 last seen 2016-02-02 modified 2003-05-26 published 2003-05-26 reporter S21Sec source https://www.exploit-db.com/download/22646/ title Vignette 4.x/5.0 Memory Disclosure Vulnerability
References
- http://marc.info/?l=bugtraq&m=105405985126857&w=2
- http://marc.info/?l=bugtraq&m=105405985126857&w=2
- http://www.iss.net/security_center/static/12075.php
- http://www.iss.net/security_center/static/12075.php
- http://www.s21sec.com/es/avisos/s21sec-018-en.txt
- http://www.s21sec.com/es/avisos/s21sec-018-en.txt
- http://www.securityfocus.com/bid/7684
- http://www.securityfocus.com/bid/7684