Vulnerabilities > CVE-2004-0917 - Remote Information Disclosure vulnerability in Vignette Application Portal

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
vignette
nessus

Summary

The default installation of Vignette Application Portal installs the diagnostic utility without authentication requirements, which allows remote attackers to gain sensitive information, such as server and OS version, and conduct unauthorized activities via an HTTP request to /diag.

Vulnerable Configurations

Part Description Count
Application
Vignette
1

Nessus

NASL family: CGI abuses
NASL id: VIGNETTE_DIAG_DISCLOSURE.NASL
description: The remote host is running Vignette Application Portal, a commercially available portal suite. There is an information disclosure vulnerability in the remote version of this software. An attacker can request the diagnostic utility at /portal/diag/, which discloses information about the remote site.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 14847
published: 2004-09-29
reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/14847
title: Vignette Application Portal Diagnostic Utility Information Disclosure
code
#
# (C) Tenable Network Security
#

# Thanks to Cory Scott from @stake for his help during the 
# writing of this plugin


include("compat.inc");

# Registration branch: taken when the scanner loads the plugin for its
# metadata. It only declares what the check is (identifiers, report text,
# scoring, scheduling) and exits before any request is sent to the target.
if (description)
{
  # Identity and cross-references (CVE and Bugtraq ids).
  script_id(14847);
  script_version("1.11");
  script_cve_id("CVE-2004-0917");
  script_bugtraq_id(11267);

  script_name(english:"Vignette Application Portal Diagnostic Utility Information Disclosure");

  # Report text shown with a finding. The string literals span several
  # source lines, so their continuation lines must stay at column 0.
  script_set_attribute(attribute:"synopsis", value:"The remote host has an application that is affected by an 
information disclosure vulnerability." );
  script_set_attribute(attribute:"description", value:"The remote host is running Vignette Application Portal, a 
commercially available portal suite.

There is an information disclosure vulnerability in the 
remote version of this software. An attacker can request the 
diagnostic utility which will disclose information about the 
remote site by requesting /portal/diag/." );
  script_set_attribute(attribute:"solution", value:"Restrict access to the diag directory." );

  # CVSS v2 base vector: reachable over the network, low complexity, no
  # authentication, partial confidentiality impact, no integrity or
  # availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  # CVSS v2 temporal vector: exploitability unproven, official fix,
  # report confirmed.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_publication_date", value: "2004/09/29");
  script_set_attribute(attribute:"vuln_publication_date", value: "2004/09/28");
  script_cvs_date("Date: 2018/08/06 14:03:14");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_summary(english:"Request /portal/diag");

  # ACT_GATHER_INFO: the check is registered as information gathering.
  script_category(ACT_GATHER_INFO);

  script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
  script_family(english:"CGI abuses");

  # Scheduling: run after http_version.nasl, and only where a web service
  # ("Services/www") or port 80 was found.
  script_dependencie("http_version.nasl");
  script_require_ports("Services/www", 80);
  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

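# Detection: request <dir>/portal/diag/index.jsp on the web port and flag
# the host when the response body carries the diagnostic report title.
#
# Limits worth knowing when reading a clean result:
#  - Only the /portal/diag/index.jsp path is requested. The CVE-2004-0917
#    summary names /diag, so a deployment that exposes the utility under a
#    different path is not covered by this check.
#  - The match is on one fixed banner string in the body; the HTTP status
#    code is not examined.
port = get_http_port(default:80);

# Candidate base directories. The web root ("") is always tried, so that
# /portal/diag/index.jsp itself is requested even when the knowledge base
# holds a directory list that has no empty entry. Directories recorded in
# the knowledge base for this port are appended after it.
dirs = make_list("");
kb_dirs = get_kb_list(string("www/", port, "/content/directories"));
if (!isnull(kb_dirs))
{
  foreach kb_dir (make_list(kb_dirs))
  {
    # The root is already first in the list; do not request it twice.
    if (kb_dir != "") dirs = make_list(dirs, kb_dir);
  }
}

foreach dir (dirs)
{
  url = string(dir, "/portal/diag/index.jsp");
  res = http_send_recv3(method:"GET", item:url, port:port);

  # A null response stops the plugin here: directories not yet tried are
  # skipped, findings already reported for earlier directories remain.
  if (isnull(res)) exit(1, "Null response to index.jsp request.");

  # res[2] is the response body.
  if ("Vignette Application Portal Diagnostic Report" >< res[2])
  {
    # Name the URL that answered, so whoever triages the finding knows
    # which location to restrict instead of having to rediscover it.
    report = string(
      "\n",
      "The diagnostic report was returned for the following URL :\n",
      "\n",
      "  ", build_url(port:port, qs:url), "\n"
    );
    security_warning(port:port, extra:report);
  }
}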