Vulnerabilities > CVE-2003-0400 - Unspecified vulnerability in Vignette Content Suite, Storyserver and Vignette

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

vignette

exploit available

NVD

Published: 2003-06-30

Updated: 2016-10-18

Summary

Vignette StoryServer and Vignette V/5 does not properly calculate the size of text variables, which causes Vignette to return unauthorized portions of memory, as demonstrated using the "-->" string in a CookieName argument to the login template, referred to as a "memory leak" in some reports.

Vulnerable Configurations

Part	Description	Count
Application	Vignette Vignette Content Suite 6.0 Vignette Storyserver 4.0 Vignette Storyserver 4.1 Vignette Storyserver 4.2 Vignette Storyserver 5.0 Vignette Vignette 5.0	6

Exploit-Db

description	Vignette StoryServer 4.1 Sensitive Stack Memory Information Disclosure Vulnerability. CVE-2003-0400. Remote exploits for multiple platform
id	EDB-ID:22472
last seen	2016-02-02
modified	2003-04-07
published	2003-04-07
reporter	@stake
source	https://www.exploit-db.com/download/22472/
title	Vignette StoryServer 4.1 Sensitive Stack Memory Information Disclosure Vulnerability

description	Vignette 4.x/5.0 Memory Disclosure Vulnerability. CVE-2003-0400. Remote exploit for unix platform
id	EDB-ID:22646
last seen	2016-02-02
modified	2003-05-26
published	2003-05-26
reporter	S21Sec
source	https://www.exploit-db.com/download/22646/
title	Vignette 4.x/5.0 Memory Disclosure Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References