Family: CGI abuses --> Category: infos
Interchange < 5.0.2 / 5.2.1 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary : Checks for multiple vulnerabilities in Interchange < 5.0.2 / 5.2.1
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server uses an application server that may be prone to
SQL injection or cross-site scripting attacks.
Description :
The remote host appears to be running Interchange, an open-source
application server that handles state management, authentication,
session maintenance, click trails, filtering, URL encodings, and
security policy.
According to its banner, the installed version of Interchange fails to
sanitize input passed through to the 'forum/submit.html' page, which
may lead to either SQL injection or cross-site scripting attacks.
See also :
http://www.nessus.org/u?c36476c6
http://www.nessus.org/u?354ffb6a
Solution :
Upgrade to Interchange 5.0.2 / 5.2.1 or later.
Threat Level:
Medium / CVSS Base Score : 5
(AV:R/AC:L/Au:NR/C:P/A:N/I:P/B:N)