CVE-2003-0400
Published 2003-06-30
Priority: P4 22 | medium | CVSS 2.0 score: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 3.50% (87.7th percentile)
Vignette StoryServer and Vignette V/5 do not properly calculate the size of text variables, which causes Vignette to return unauthorized portions of memory, as demonstrated using the "-->" string in a CookieName argument to the login template, referred to as a "memory leak" in some reports.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vignette | content_suite | — | — |
| vignette | storyserver | — | — |
| vignette | storyserver | — | — |
| vignette | storyserver | — | — |
| vignette | storyserver | — | — |
| vignette | vignette | — | — |
No detection rules found.
Exploit-DB
Vignette 4.x/5.0 - Memory Disclosure
exploitdb·2003-05-26
---
source: https://www.securityfocus.com/bid/7684/info
Vignette is prone to an issue which may expose the contents of memory to remote attackers. This condition is due to a flaw in how StoryServer calculates the size of certain characters in URI variables, which may cause data from adjacent memory to be returned to the remote attacker in the response.
This issue was reported for Vignette on IBM AIX. Other platforms may also be affected, though this has not been confirmed. The issue affects some of the default templates provided with Vignette.
http://www.example.com/vgn/login/1,501,,00.html?cookieName=x--\>
Exploit-DB
Vignette StoryServer 4.1 - Sensitive Stack Memory Information Disclosure
exploitdb·2003-04-07
---
source: https://www.securityfocus.com/bid/7296/info
It has been reported that Vignette StoryServer may, under some circumstances, reveal stack memory content.
If a specially crafted request is made for a page that accepts user-supplied data, an error state may be triggered. If the attack is successful, a dump of the current stack contents will be returned to the attacker's browser within an error message.
The information gathered in this way may be used to mount further attacks against the system.
https://www.example.com/securelogin/1,2345,A,00.html?Errmessage="x214>x214
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=105405985126857&w=2
http://www.iss.net/security_center/static/12075.php
http://www.s21sec.com/es/avisos/s21sec-018-en.txt
http://www.securityfocus.com/bid/7684