Vignette StoryServer TCL Interpreter information disclosure
| storyserver-tcl-information-disclosure (11725) |  Medium Risk |
Description:
StoryServer could allow a remote attacker to obtain sensitive information. By sending a specially-crafted URL request for a dynamic page containing excessive double-quotes (") along with (>) characters, a remote attacker could cause the TCL Interpreter to crash and return sensitive information, including information about other user's sessions and server code.
Platforms Affected:
- Vignette, StoryServer 4.1
- Vignette, StoryServer 6.0
Remedy:
Contact Vignette Technical Support for patch information. See References.
Consequences:
Obtain Information
References:
- @stake, Inc. Security Advisory A040703-1, Vignette Story Server sensitive information disclosure at http://www.webproxy.com/research/advisories/2003/a040703-1.txt.
- Vignette Technical Support Web site, Vignette - Content Management at http://support@vignette.com/.
- BID-7296: Vignette StoryServer Sensitive Stack Memory Information Disclosure Vulnerability
- BID-730: Internet Anywhere Mail Server Multiple Buffer Overflow Vulnerabilities
- CVE-2002-0385: Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain sensitive information via a request that contains a large number of '' (double quote) and and '>' characters, which causes the TCL interpreter to crash and include stack data in the output.
Reported:
Apr 07, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net