Vignette Application Portal Diagnostic Utility Information Disclosure

medium Nessus Plugin ID 14847

Synopsis

The remote host has an application that is affected by an information disclosure vulnerability.

Description

The remote host is running Vignette Application Portal, a commercially available portal suite.

The remote version of this software has an information disclosure vulnerability. An attacker can request the diagnostic utility at /portal/diag/, which discloses information about the remote site.

Solution

Restrict access to the diag directory.

Plugin Details

Severity: Medium

ID: 14847

File Name: vignette_diag_disclosure.nasl

Version: 1.12

Type: remote

Family: CGI abuses

Published: 9/29/2004

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Exploit Ease: No exploit is required

Vulnerability Publication Date: 9/28/2004

Reference Information

CVE: CVE-2004-0917

BID: 11267