Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0374

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2004-0374
Last Modified 05 Sep 2008 04:38:16
Published 04 May 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0374

Summary

Interchange before 5.0.1 allows remote attackers to "expose the content of arbitrary variables" and read or modify sensitive SQL information via an HTTP request ending with the "__SQLUSER__" string.

Vulnerable Systems

Application

  • Interchange Development Group Interchange 4.8.1

  • Interchange Development Group Interchange 4.8.2

  • Interchange Development Group Interchange 4.8.3

  • Interchange Development Group Interchange 4.8.4

  • Interchange Development Group Interchange 4.8.5

  • Interchange Development Group Interchange 4.8.6

  • Interchange Development Group Interchange 4.8.7

  • Interchange Development Group Interchange 4.8.8

  • Interchange Development Group Interchange 4.8.9

  • Interchange Development Group Interchange 5.0


References

XF - interchange-url-obtain-information(15670)

DEBIAN - DSA-471

BID - 10005

SECUNIA - 11234

CONFIRM - http://ftp.icdevgroup.org/interchange/5.0/WHATSNEW

MLIST - [interchange-announce] 20040329 Security Problem in Interchange


Last Updated: 27 May 2016 10:38:35