{"api_version":"1","generated_at":"2026-04-30T04:41:46+00:00","cve":"CVE-2003-0405","urls":{"html":"https://cve.report/CVE-2003-0405","api":"https://cve.report/api/cve/CVE-2003-0405.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2003-0405","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2003-0405"},"summary":{"title":"CVE-2003-0405","description":"Vignette StoryServer 5 and Vignette V/6 allows remote attackers to execute arbitrary TCL code via (1) an HTTP query or cookie which is processed in the NEEDS command, or (2) an HTTP Referrer that is processed in the VALID_PATHS command.","state":"PUBLISHED","assigner":"mitre","published_at":"2003-06-30 04:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.s21sec.com/es/avisos/s21sec-024-en.txt","name":"http://www.s21sec.com/es/avisos/s21sec-024-en.txt","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Página no encontrada – S21Sec","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"http://www.iss.net/security_center/static/12070.php","name":"http://www.iss.net/security_center/static/12070.php","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"ISS X-Force Database: vignette-tcl-code-execution (12070): Vignette and StoryServer could allow an attacker to execute TCL code","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=105405922826197&w=2","name":"http://marc.info/?l=bugtraq&m=105405922826197&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"'S21SEC-024 - Vignette TCL Injection' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/7692","name":"http://www.securityfocus.com/bid/7692","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Vignette VALID_PATHS Command TCL Code Injection Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securityfocus.com/bid/7690","name":"http://www.securityfocus.com/bid/7690","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Vignette NEEDS Command TCL Code Injection Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2003-0405","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2003-0405","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2003","cve_id":"405","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vignette","cpe5":"content_suite","cpe6":"5.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"405","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vignette","cpe5":"content_suite","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"405","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vignette","cpe5":"content_suite","cpe6":"6.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"405","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vignette","cpe5":"content_suite","cpe6":"6.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"405","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vignette","cpe5":"content_suite","cpe6":"6.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"405","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vignette","cpe5":"storyserver","cpe6":"5.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"405","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vignette","cpe5":"vignette","cpe6":"5.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T01:50:47.699Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"vignette-tcl-code-execution(12070)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"http://www.iss.net/security_center/static/12070.php"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.s21sec.com/es/avisos/s21sec-024-en.txt"},{"name":"20030526 S21SEC-024 - Vignette TCL Injection","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=105405922826197&w=2"},{"name":"7692","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/7692"},{"name":"7690","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/7690"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2003-05-26T00:00:00.000Z","descriptions":[{"lang":"en","value":"Vignette StoryServer 5 and Vignette V/6 allows remote attackers to execute arbitrary TCL code via (1) an HTTP query or cookie which is processed in the NEEDS command, or (2) an HTTP Referrer that is processed in the VALID_PATHS command."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2016-10-17T13:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"vignette-tcl-code-execution(12070)","tags":["vdb-entry","x_refsource_XF"],"url":"http://www.iss.net/security_center/static/12070.php"},{"tags":["x_refsource_MISC"],"url":"http://www.s21sec.com/es/avisos/s21sec-024-en.txt"},{"name":"20030526 S21SEC-024 - Vignette TCL Injection","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://marc.info/?l=bugtraq&m=105405922826197&w=2"},{"name":"7692","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/7692"},{"name":"7690","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/7690"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2003-0405","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Vignette StoryServer 5 and Vignette V/6 allows remote attackers to execute arbitrary TCL code via (1) an HTTP query or cookie which is processed in the NEEDS command, or (2) an HTTP Referrer that is processed in the VALID_PATHS command."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"vignette-tcl-code-execution(12070)","refsource":"XF","url":"http://www.iss.net/security_center/static/12070.php"},{"name":"http://www.s21sec.com/es/avisos/s21sec-024-en.txt","refsource":"MISC","url":"http://www.s21sec.com/es/avisos/s21sec-024-en.txt"},{"name":"20030526 S21SEC-024 - Vignette TCL Injection","refsource":"BUGTRAQ","url":"http://marc.info/?l=bugtraq&m=105405922826197&w=2"},{"name":"7692","refsource":"BID","url":"http://www.securityfocus.com/bid/7692"},{"name":"7690","refsource":"BID","url":"http://www.securityfocus.com/bid/7690"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2003-0405","datePublished":"2003-06-11T04:00:00.000Z","dateReserved":"2003-06-10T00:00:00.000Z","dateUpdated":"2024-08-08T01:50:47.699Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2003-06-30 04:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vignette:content_suite:5.0:*:*:*:*:*:*:*","matchCriteriaId":"240B7293-825A-4224-B767-D79FF7D90AA1"},{"vulnerable":true,"criteria":"cpe:2.3:a:vignette:content_suite:6.0:*:*:*:*:*:*:*","matchCriteriaId":"460D6CDD-85AF-4E27-ABFB-3BF603B0EDCD"},{"vulnerable":true,"criteria":"cpe:2.3:a:vignette:content_suite:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"A1A383FC-9F74-408A-A464-2FE2015B7207"},{"vulnerable":true,"criteria":"cpe:2.3:a:vignette:content_suite:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"BF268723-2CD9-4EC6-9C08-FCC0C75E1D60"},{"vulnerable":true,"criteria":"cpe:2.3:a:vignette:content_suite:6.0.3:*:*:*:*:*:*:*","matchCriteriaId":"3FE9C3E8-C177-4E98-8986-D2FA258C8C41"},{"vulnerable":true,"criteria":"cpe:2.3:a:vignette:storyserver:5.0:*:*:*:*:*:*:*","matchCriteriaId":"1113CE36-9F16-443E-B4B6-C9EA21DEF362"},{"vulnerable":true,"criteria":"cpe:2.3:a:vignette:vignette:5.0:*:*:*:*:*:*:*","matchCriteriaId":"8D1E15D6-2CA5-419C-80AD-9E8FE6A054C3"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2003","CveId":"405","Ordinal":"1","Title":"CVE-2003-0405","CVE":"CVE-2003-0405","Year":"2003"},"notes":[{"CveYear":"2003","CveId":"405","Ordinal":"1","NoteData":"Vignette StoryServer 5 and Vignette V/6 allows remote attackers to execute arbitrary TCL code via (1) an HTTP query or cookie which is processed in the NEEDS command, or (2) an HTTP Referrer that is processed in the VALID_PATHS command.","Type":"Description","Title":"CVE-2003-0405"},{"CveYear":"2003","CveId":"405","Ordinal":"2","NoteData":"2003-06-11","Type":"Other","Title":"Published"},{"CveYear":"2003","CveId":"405","Ordinal":"3","NoteData":"2016-10-17","Type":"Other","Title":"Modified"}]}}}