CVE-2003-0405
CVSS 5.0
Published: 2003-06-30 00:00:00
Last modified: 2016-10-17 22:33:33

[Original] Vignette StoryServer 5 and Vignette V/6 allows remote attackers to execute arbitrary TCL code via (1) an HTTP query or cookie which is processed in the NEEDS command, or (2) an HTTP Referrer that is processed in the VALID_PATHS command.


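[CNNVD] Vignette NEEDS Command TCL Code Injection Vulnerability (CNNVD-200306-127)

        A vulnerability exists in Vignette StoryServer version 5 and Vignette version V/6. Remote attackers can execute arbitrary TCL code via (1) an HTTP query or cookie processed by the NEEDS command, or (2) an HTTP Referrer processed by the VALID_PATHS command.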

- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/a:vignette:vignette:5.0
cpe:/a:vignette:content_suite:6.0.1
cpe:/a:vignette:storyserver:5.0
cpe:/a:vignette:content_suite:6.0.3
cpe:/a:vignette:content_suite:6.0.2
cpe:/a:vignette:content_suite:6.0
cpe:/a:vignette:content_suite:5.0

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0405
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0405
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200306-127
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=105405922826197&w=2
(UNKNOWN)  BUGTRAQ  20030526 S21SEC-024 - Vignette TCL Injection
http://www.iss.net/security_center/static/12070.php
(VENDOR_ADVISORY)  XF  vignette-tcl-code-execution(12070)
http://www.s21sec.com/es/avisos/s21sec-024-en.txt
(VENDOR_ADVISORY)  MISC  http://www.s21sec.com/es/avisos/s21sec-024-en.txt
http://www.securityfocus.com/bid/7690
(VENDOR_ADVISORY)  BID  7690
http://www.securityfocus.com/bid/7692
(VENDOR_ADVISORY)  BID  7692

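- Vulnerability Information

Vignette NEEDS Command TCL Code Injection Vulnerability
Medium severity  Input validation
2003-06-30 00:00:00 2005-10-20 00:00:00
Remote
        A vulnerability exists in Vignette StoryServer version 5 and Vignette version V/6. Remote attackers can execute arbitrary TCL code via (1) an HTTP query or cookie processed by the NEEDS command, or (2) an HTTP Referrer processed by the VALID_PATHS command.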

- Advisories and Patches

        This vulnerability does not affect Vignette Platform releases 6.0.4 and later. The vendor has stated that there are EFIXes available for vulnerable versions of the Vignette CMS. Affected users are advised to open a VOLSS ticket for further details or to request an EFIX.

- Vulnerability Information

4859
Vignette StoryServer NEEDS Arbitrary TCL Injection
Remote / Network Access Input Manipulation
Loss of Confidentiality, Loss of Integrity, Loss of Availability
Exploit Unknown

- Vulnerability Description

Vignette Content Suite V5 and V6 and Vignette StoryServer V5 contain a flaw that allows a malicious user to execute arbitrary TCL commands. The proprietary NEEDS command evaluates some unfiltered variables with the SET command. If the user injects Vignette code through those variables, then it is possible to execute arbitrary TCL commands. The affected input variables are HTTP_QUERY_STRING and HTTP_COOKIE. If the Vignette/TCL escape characters "[" and "]" are included, then the code between them is evaluated as valid TCL code.

- Timeline

2003-05-26 Unknown
Unknown Unknown

- Solution

Upgrade to version 6.0.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Author

- Vulnerability Information

Vignette VALID_PATHS Command TCL Code Injection Vulnerability
Input Validation Error 7692
Yes No
2003-05-26 12:00:00 2009-07-11 10:06:00
Discovery of this vulnerability has been credited to Ramon Pinuaga Cascales <rpinuaga@s21sec.com>.

- Affected Software Versions

Vignette Vignette V/5
Vignette V6 Content Suite 6.0.3
Vignette V6 Content Suite 6.0.2
Vignette V6 Content Suite 6.0.1
Vignette V6 Content Suite
Vignette StoryServer 5.0
Vignette StoryServer 4.1
Vignette StoryServer 4.0
Vignette Content Suite V7
Vignette Content Suite V5
Vignette V6 Content Suite 6.0.4

- Unaffected Software Versions

Vignette V6 Content Suite 6.0.4

- Vulnerability Discussion

Under some circumstances Vignette applications that harness the Vignette API, specifically the 'VALID_PATHS' command, may be prone to injection of arbitrary TCL code.

This could allow remote attackers to execute arbitrary commands with the privileges of the affected server. It has been reported that several of the default Vignette applications are prone to this issue.

This issue could also affect third-party applications that are developed for use with Vignette.

This issue was reported for Vignette StoryServer version 5 and version 6.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

This vulnerability does not affect Vignette Platform releases 6.0.4 and later. The vendor has stated that there are EFIXes available for vulnerable versions of the Vignette CMS. Affected users are advised to open a VOLSS ticket for further details or to request an EFIX.

- Related References
