source: https://www.securityfocus.com/bid/5453/info

A vulnerability has been reported for Interchange 4.8.5 and earlier. Reportedly, Interchange may disclose contents of files to attackers.

The vulnerability occurs due to the placement of the 'doc' folder. Reportedly, the folder will be installed as follows: <INTERCHANGE_ROOT>/doc. This folder, by default, contains Interchange man pages. This vulnerability is only exploitable when the Interchange service runs in INET (Internet service) mode.

An attacker may exploit this vulnerability to disclose the contents of restricted files accessible to the Interchange process.

It has been reported that this issue may be exploited through a '../' directory traversal sequence in an HTTP request to the vulnerable server.

http://www.domain.com:7786/../../../../../../../../../etc/passwd