Short Name |
HTTP:INFO-LEAK:VIGNETTE-DIAG |
---|---|
Severity |
Warning |
Recommended |
No |
Category |
HTTP |
Keywords |
Vignette Application Portal Unauthenticated Diagnostics Page Access |
Release Date |
2004/10/13 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to access the diagnostic utility supplied with the Vignette Application server. Because the utility does not use access controls, attackers (or any client) can connect to the utility and access sensitive configuration information.
Vignette Application Portal is affected by a remote information disclosure vulnerability. This issue is due to a design error that facilitates unauthorized access to sensitive information. An attacker can leverage this issue to reveal sensitive information such as operating system version, application version, database connection parameters, and various other application portal related setting details.