Lucene search
AnonymousEDB-ID:21706HistoryAug 13, 2002 - 12:00 a.m.
RedHat Interchange 4.8.x - Arbitrary File Read
2002-08-1300:00:00
anonymous
www.exploit-db.com
11
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/5453/info
A vulnerability has been reported for Interchange 4.8.5 and earlier. Reportedly, Interchange may disclose contents of files to attackers.
The vulnerability occurs due to the placement of the 'doc' folder. Reportedly, the folder will be installed as follows: <INTERCHANGE_ROOT>/doc. This folder, by default, contains Interchange man pages. This vulnerability is only exploitable when the Interchange service runs in INET (Internet service) mode.
An attacker may exploit this vulnerability to the contents of restricted files accessible to the Interchange process.
It has been reported that this issue may be exploited through a '../' directory traversal sequence in a HTTP request to the vulnerable server.
http://www.domain.com:7786/../../../../../../../../../etc/passwdRelated
nvd
nvd
CVE-2002-0874
2002-09-05 04:00:00
openvas
openvas
Debian Security Advisory DSA 150-1 (interchange)
2008-01-17 00:00:00
Debian Security Advisory DSA 150-1 (interchange)
2008-01-17 00:00:00
nessus
nessus
Debian DSA-150-1 : interchange - illegal file exposition
2004-09-29 00:00:00
Red Hat Interchange INET Mode Detection
2002-09-21 00:00:00
cvelist
cvelist
CVE-2002-0874
2002-08-20 04:00:00
osv
osv
interchange - illegal file exposition
2002-08-13 00:00:00
cve
cve
CVE-2002-0874
2002-09-05 04:00:00