Vulnerability Details : CVE-2003-0405
Vignette StoryServer 5 and Vignette V/6 allow remote attackers to execute arbitrary TCL code via (1) an HTTP query or cookie which is processed in the NEEDS command, or (2) an HTTP Referrer that is processed in the VALID_PATHS command.
Products affected by CVE-2003-0405
- cpe:2.3:a:vignette:storyserver:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:vignette:vignette:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:vignette:content_suite:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:vignette:content_suite:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:vignette:content_suite:6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:vignette:content_suite:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vignette:content_suite:6.0.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2003-0405
- 0.46%: Probability of exploitation activity in the next 30 days
- ~75%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2003-0405
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
References for CVE-2003-0405
- http://www.securityfocus.com/bid/7690 (Patch; Vendor Advisory)
- http://www.securityfocus.com/bid/7692 (Patch; Vendor Advisory)
- http://marc.info/?l=bugtraq&m=105405922826197&w=2
- http://www.iss.net/security_center/static/12070.php (Vendor Advisory)
- http://www.s21sec.com/es/avisos/s21sec-024-en.txt (Patch; Vendor Advisory)