Vulnerability Description
Interchange before 5.0.1 allows remote attackers to "expose the content of arbitrary variables" and read or modify sensitive SQL information via an HTTP request ending with the "__SQLUSER__" string.
CVSS Score
6.4
MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Interchange Development Group | Interchange | 4.8.1 |
References
- http://ftp.icdevgroup.org/interchange/5.0/WHATSNEW
- http://secunia.com/advisories/11234
- http://www.debian.org/security/2004/dsa-471PatchVendor Advisory
- http://www.icdevgroup.org/pipermail/interchange-announce/2004/000043.html
- http://www.securityfocus.com/bid/10005
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15670
- http://ftp.icdevgroup.org/interchange/5.0/WHATSNEW
- http://secunia.com/advisories/11234
- http://www.debian.org/security/2004/dsa-471PatchVendor Advisory
- http://www.icdevgroup.org/pipermail/interchange-announce/2004/000043.html
- http://www.securityfocus.com/bid/10005
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15670
FAQ
What is CVE-2004-0374?
CVE-2004-0374 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Interchange before 5.0.1 allows remote attackers to "expose the content of arbitrary variables" and read or modify sensitive SQL information via an HTTP request ending with the "__SQLUSER__" string.
How severe is CVE-2004-0374?
CVE-2004-0374 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0374?
Check the references section above for vendor advisories and patch information. Affected products include: Interchange Development Group Interchange.