Vignette StoryServer Cross-user Session Information Disclosure
Medium Nessus Network Monitor Plugin ID 1458
SynopsisThe remote host may give an attacker information useful for future attacks.
DescriptionThe remote host is running Vignette StoryServer, a web interface to Vignette's content management suite. A flaw in the product may allow an attacker, under certain circumstances, to extract information about the sessions of other users as well as other sensitive information.
SolutionA patch is available at http://support.vignette.com/VOLSS/KB/View/1,,5360,00.html