Vignette StoryServer 5 and Vignette V/6 allows remote attackers to execute arbitrary TCL code via (1) an HTTP query or cookie which is processed in the NEEDS command, or (2) an HTTP Referrer that is processed in the VALID_PATHS command.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=105405922826197&w=2 | |
http://www.iss.net/security_center/static/12070.php | Vendor Advisory |
http://www.s21sec.com/es/avisos/s21sec-024-en.txt | Patch Vendor Advisory |
http://www.securityfocus.com/bid/7690 | Patch Vendor Advisory |
http://www.securityfocus.com/bid/7692 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2003-06-11T04:00:00
Updated: 2016-10-17T13:57:01
Reserved: 2003-06-10T00:00:00
Link: CVE-2003-0405
JSON object: View
NVD Information
Status : Modified
Published: 2003-06-30T04:00:00.000
Modified: 2016-10-18T02:33:33.733
Link: CVE-2003-0405
JSON object: View
Redhat Information
No data.
CWE