S21SEC-019 - Vignette /vgn/style internal information leak

From: S21SEC (vul-serv_at_s21sec.com)
Date: 05/26/03

  • Next message: Conectiva Updates: "[CLA-2003:655] Conectiva Security Announcement - BitchX" 
    Date: Mon, 26 May 2003 16:11:01 +0200
To: bugtraq@securityfocus.com

    ###############################################################
    ID: S21SEC-019-en
    Title: Vignette /vgn/style internal information leak
    Date: 15/03/2003
    Status: Vendor contacted and solution available
    Scope: Revelation of internal variables
    Platforms: All
    Author: rpinuaga
    Location: http://www.s21sec.com/es/avisos/s21sec-019-en.txt
    Release: External
    ###############################################################

                                    S 2 1 S E C

                               http://www.s21sec.com

                    Vignette /vgn/style internal information leak

    About Vignette
    --------------

    Vignette develops Content Management and Application Portal Software.

    Description of vulnerability
    ----------------------------

    Vignette Software installs by default some help applications under de /vgn web directory.

    One of this applications return a dump of internal information when the template is accessed directly through a web browser. This information contains variable names, private PATHs, and other information related to the internal state of the Vignette server.

    The common location for this template is: /vgn/style

    Affected Versions and platforms
    -------------------------------

    This vulnerability has been tested in Vignette StoryServer and Vignette V/5. But it seems that all currently avaliable versions are vulnerable.

    Solution
    --------

    Vignette users should procceed to contact vignette throught the standard channels VOLS etc in order to get a solution.

    Additional information
    ----------------------

    These vulnerabilities have been found and researched by:

     Ramon Pinuaga Cascales rpinuaga@s21sec.com

    You can find the last version of this warning in:

            http://www.s21sec.com/es/avisos/s21sec-019-en.txt

    And other S21SEC warnings in http://www.s21sec.com/es/avisos/

  • Next message: Conectiva Updates: "[CLA-2003:655] Conectiva Security Announcement - BitchX"

    Relevant Pages

    • [NEWS] Vignette Story Server Sensitive Information Disclosure
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Vignette Story Server allows the publication of both static and dynamic ... exists vulnerability within the TCL interpreter used that allows 'dumping' ... @stake calls Vignette contact to explain vulnerability, ...
      (Securiteam)
    • [NEWS] Vignette Server SSI Injection
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... A vulnerability in the Vignette server allows ...
      (Securiteam)
    • S21SEC-018 - Vignette memory leak AIX Platform
      ... Vignette memory leak AIX Platform ... Affected Versions and platforms ... This vulnerability has been tested in Vignette StoryServer and Vignette V/5. ...
      (Bugtraq)
    • S21SEC-024 - Vignette TCL Injection
      ... Title: Vignette TCL Injection ... Vignette Software presents a vulnerability in some propietary commands that permits the injection of TCL code under some circunstances. ... the value of some unfiltered variables is used and evaluated with the SHOW command. ...
      (Bugtraq)
    • S21SEC-020 - Vignette user enumeration
      ... Title: Vignette user enumeration ... Scope: Enumeration of user status ... Affected Versions and platforms ... This vulnerability has been tested in Vignette StoryServer 5 and Vignette V/5. ...
      (Bugtraq)