Vignette and StoryServer could allow an attacker to execute TCL code
| vignette-tcl-code-execution (12070) |  High Risk |
Description:
Vignette CMS and StoryServer could allow a remote attacker to execute Tool Command Language (TCL) code on the system, caused by a vulnerability in the NEEDS and VALID_PATHS commands. A remote attacker could pass specially-crafted HTTP_QUERY_STRING, HTTP_COOKIE or HTTP_REFERER variables containing TCL escape '[' and ']' characters to execute arbitrary TCL code on the system.
Platforms Affected:
- Vignette, StoryServer 5.0
- Vignette, Vignette V6
Remedy:
Contact Vignette Technical Support for upgrade or patch information, as listed in S21sec Security Advisory S21SEC-024-en. See References.
Consequences:
Gain Access
References:
- S21sec Security Advisory S21SEC-024-en, TCL code Execution, Remote command execution at http://www.s21sec.com/en/avisos/s21sec-024-en.txt.
- VulnWatch Mailing List, Mon May 26 2003 - 19:28:25 CDT , More S21sec Vignette advisories at http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0085.html.
- BID-7690: Vignette NEEDS Command TCL Code Injection Vulnerability
- BID-7692: Vignette VALID_PATHS Command TCL Code Injection Vulnerability
- CVE-2003-0405: Vignette StoryServer 5 and Vignette V/6 allows remote attackers to execute arbitrary TCL code via (1) an HTTP query or cookie which is processed in the NEEDS command, or (2) an HTTP Referrer that is processed in the VALID_PATHS command.
Reported:
May 26, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net