CVE-2002-0385 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2002-0385

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain sensitive information via a request that contains a large number of (double quote) and and > characters, which causes the TCL interpreter to crash and include stack data in the output.

Affected Software

Name	Vendor	Start Version	End Version
Storyserver	Vignette	4.1 (including)	4.1 (including)
Storyserver	Vignette	6.0 (including)	6.0 (including)
Vignette	Vignette	5.0 (including)	5.0 (including)

References

http://www.atstake.com/research/advisories/2003/a040703-1.txt
http://www.securityfocus.com/bid/7296
https://exchange.xforce.ibmcloud.com/vulnerabilities/11725
http://www.atstake.com/research/advisories/2003/a040703-1.txt
http://www.securityfocus.com/bid/7296
https://exchange.xforce.ibmcloud.com/vulnerabilities/11725