The default installation of Vignette Application Portal installs the diagnostic utility without authentication requirements, which allows remote attackers to gain sensitive information, such as server and OS version, and conduct unauthorized activities via an HTTP request to /diag.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-11-19T05:00:00

Updated: 2024-08-08T00:31:48.314Z

Reserved: 2004-09-27T00:00:00

Link: CVE-2004-0917

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2005-01-27T05:00:00.000

Modified: 2024-11-20T23:49:40.593

Link: CVE-2004-0917

cve-icon Redhat

No data.