Debian DSA-471-1 : interchange - missing input sanitising

Medium severity, Nessus Plugin ID 15308

Synopsis

The remote Debian host is missing a security-related update.

Description

A vulnerability was discovered recently in Interchange, an e-commerce and general HTTP database display system. This vulnerability can be exploited by an attacker to expose the content of arbitrary variables.
An attacker may learn SQL access information for your Interchange application and use this information to read and manipulate sensitive data.

Solution

Upgrade the interchange package.

For the stable distribution (woody) this problem has been fixed in version 4.8.3.20020306-1.woody.2.

See Also

http://www.debian.org/security/2004/dsa-471

Plugin Details

Severity: Medium

ID: 15308

File Name: debian_DSA-471.nasl

Version: 1.23

Type: local

Agent: unix

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:interchange, cpe:/o:debian:debian_linux:3.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/2/2004

Vulnerability Publication Date: 3/29/2004

Reference Information

CVE: CVE-2004-0374

BID: 10005

DSA: 471