Interchange do_view Unauthenticated File Read

2001-04-16T00:00:00
ID OSVDB:7145
Type osvdb
Reporter OSVDB
Modified 2001-04-16T00:00:00

Description

Vulnerability Description

Interchange contains a flaw that may allow a remote attacker to access arbitrary files in the catalog directory including plaintext sources to database tables. The issue is due to the do_view administrative script not properly authenticating before handling the request.

Solution Description

Upgrade to version 4.6.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Interchange contains a flaw that may allow a remote attacker to access arbitrary files in the catalog directory including plaintext sources to database tables. The issue is due to the do_view administrative script not properly authenticating before handling the request.

References:

Vendor URL: http://www.icdevgroup.org Vendor Specific Advisory URL