CVE-2003-0400 - OpenCVE

Vignette StoryServer and Vignette V/5 does not properly calculate the size of text variables, which causes Vignette to return unauthorized portions of memory, as demonstrated using the "-->" string in a CookieName argument to the login template, referred to as a "memory leak" in some reports.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vignette	Content Suite Storyserver Vignette

Configuration 1 [-]

OR	cpe:2.3:a:vignette:content_suite:6.0:::::::*
	cpe:2.3:a:vignette:storyserver:4.0:::::::*
	cpe:2.3:a:vignette:storyserver:4.1:::::::*
	cpe:2.3:a:vignette:storyserver:4.2:::::::*
	cpe:2.3:a:vignette:storyserver:5.0:::::::*
	cpe:2.3:a:vignette:vignette:5.0:::::::*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=105405985126857&w=2
http://www.iss.net/security_center/static/12075.php
http://www.s21sec.com/es/avisos/s21sec-018-en.txt
http://www.securityfocus.com/bid/7684

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2003-06-11T04:00:00

Updated: 2024-08-08T01:50:48.069Z

Reserved: 2003-06-10T00:00:00

Link: CVE-2003-0400

Vulnrichment

No data.

NVD

Status : Modified

Published: 2003-06-30T04:00:00.000

Modified: 2016-10-18T02:33:27.453

Link: CVE-2003-0400

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2003-05-26T00:00:00", "descriptions": [{"lang": "en", "value": "Vignette StoryServer and Vignette V/5 does not properly calculate the size of text variables, which causes Vignette to return unauthorized portions of memory, as demonstrated using the \"-->\" string in a CookieName argument to the login template, referred to as a \"memory leak\" in some reports."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.s21sec.com/es/avisos/s21sec-018-en.txt"}, {"name": "vignette-memory-leak(12075)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/12075.php"}, {"name": "7684", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/7684"}, {"name": "20030526 S21SEC-018 - Vignette memory leak AIX Platform", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=105405985126857&w=2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0400", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Vignette StoryServer and Vignette V/5 does not properly calculate the size of text variables, which causes Vignette to return unauthorized portions of memory, as demonstrated using the \"-->\" string in a CookieName argument to the login template, referred to as a \"memory leak\" in some reports."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.s21sec.com/es/avisos/s21sec-018-en.txt", "refsource": "MISC", "url": "http://www.s21sec.com/es/avisos/s21sec-018-en.txt"}, {"name": "vignette-memory-leak(12075)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/12075.php"}, {"name": "7684", "refsource": "BID", "url": "http://www.securityfocus.com/bid/7684"}, {"name": "20030526 S21SEC-018 - Vignette memory leak AIX Platform", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=105405985126857&w=2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:50:48.069Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.s21sec.com/es/avisos/s21sec-018-en.txt"}, {"name": "vignette-memory-leak(12075)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/12075.php"}, {"name": "7684", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/7684"}, {"name": "20030526 S21SEC-018 - Vignette memory leak AIX Platform", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=105405985126857&w=2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0400", "datePublished": "2003-06-11T04:00:00", "dateReserved": "2003-06-10T00:00:00", "dateUpdated": "2024-08-08T01:50:48.069Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vignette:content_suite:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "460D6CDD-85AF-4E27-ABFB-3BF603B0EDCD", "vulnerable": true}, {"criteria": "cpe:2.3:a:vignette:storyserver:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "331AD9B5-7E79-45CA-AFE1-84B1545FE74A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vignette:storyserver:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "A69859D5-F4AF-4239-ADB2-5AB3F6A3F25F", "vulnerable": true}, {"criteria": "cpe:2.3:a:vignette:storyserver:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "C724A1B3-FD85-4722-B6A8-03C02B204069", "vulnerable": true}, {"criteria": "cpe:2.3:a:vignette:storyserver:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1113CE36-9F16-443E-B4B6-C9EA21DEF362", "vulnerable": true}, {"criteria": "cpe:2.3:a:vignette:vignette:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8D1E15D6-2CA5-419C-80AD-9E8FE6A054C3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vignette StoryServer and Vignette V/5 does not properly calculate the size of text variables, which causes Vignette to return unauthorized portions of memory, as demonstrated using the \"-->\" string in a CookieName argument to the login template, referred to as a \"memory leak\" in some reports."}, {"lang": "es", "value": "Vignette StoryServer y Vignette V/5 no calcula adecuadamente el tama\u00f1o de variables de texto, lo que hace que devuelva trozos de contenido de memoria no autorizado, como se ha demostrado usando la cadena \"-->\" en un argumento CookieName de la plantilla de inicio de sesi\u00f3n, referido como \"fuga de memora\" en algunos informes."}], "id": "CVE-2003-0400", "lastModified": "2016-10-18T02:33:27.453", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2003-06-30T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=105405985126857&w=2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.iss.net/security_center/static/12075.php"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.s21sec.com/es/avisos/s21sec-018-en.txt"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/7684"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}