CVE-2003-0405
Published Jun 30, 2003
Last updated 8 years ago
Overview
- Description
- Vignette StoryServer 5 and Vignette V/6 allows remote attackers to execute arbitrary TCL code via (1) an HTTP query or cookie which is processed in the NEEDS command, or (2) an HTTP Referrer that is processed in the VALID_PATHS command.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vignette:content_suite:5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "240B7293-825A-4224-B767-D79FF7D90AA1"
},
{
"criteria": "cpe:2.3:a:vignette:content_suite:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "460D6CDD-85AF-4E27-ABFB-3BF603B0EDCD"
},
{
"criteria": "cpe:2.3:a:vignette:content_suite:6.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A1A383FC-9F74-408A-A464-2FE2015B7207"
},
{
"criteria": "cpe:2.3:a:vignette:content_suite:6.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BF268723-2CD9-4EC6-9C08-FCC0C75E1D60"
},
{
"criteria": "cpe:2.3:a:vignette:content_suite:6.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3FE9C3E8-C177-4E98-8986-D2FA258C8C41"
},
{
"criteria": "cpe:2.3:a:vignette:storyserver:5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1113CE36-9F16-443E-B4B6-C9EA21DEF362"
},
{
"criteria": "cpe:2.3:a:vignette:vignette:5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8D1E15D6-2CA5-419C-80AD-9E8FE6A054C3"
}
],
"operator": "OR"
}
]
}
]