Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3073

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-3073
Last Modified 05 Sep 2008 04:53:23
Published 27 Sep 2005 03:03:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3073

Summary

Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, 5.0 before 5.0.2, and 5.2, when a catalog has been created using the (1) "mike", (2) "standard", or (3) "foundation" demo, allows attackers to inject Interchange Tag Language (ITL) elements into the forum/submit.html page.

Vulnerable Systems

Application

  • Interchange Development Group Interchange 4.9.3

  • Interchange Development Group Interchange 5.0

  • Interchange Development Group Interchange 5.2


References

MLIST - [interchange-announce] 20050923 Important: Security flaw found in Interchange demo - Addendum

MLIST - [interchange-announce] 20050922 Important: Security flaw found in Interchange demo catalog.

SECUNIA - 16923

XF - interchange-submit-itl-injection(22387)

BID - 14931

OSVDB - 19653


Last Updated: 27 May 2016 10:40:47