Interchange HTTP POST Requests Denial Of Service Vulnerability

Bugtraq ID:	23932
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	Yes
Local:	No
Published:	May 11 2007 12:00AM
Updated:	May 11 2007 07:28PM
Credit:	Donald Alexander is credited with the discovery of this vulnerability.
Vulnerable:	Interchange Interchange 5.4.1 Interchange Interchange 5.2.1 Interchange Interchange 5.2 Interchange Interchange 5.0.2 Interchange Interchange 5.0.1 Interchange Interchange 5.0 Interchange Interchange 4.8.9 Interchange Interchange 4.8.8 Interchange Interchange 4.8.7 Interchange Interchange 4.8.6 Interchange Interchange 4.8.5 Interchange Interchange 4.8.4 Interchange Interchange 4.8.3 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 Interchange Interchange 4.8.2 Interchange Interchange 4.8.1
Not Vulnerable:	Interchange Interchange 5.4.2

Interchange HTTP POST Requests Denial Of Service Vulnerability

Interchange is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause the application to stop responding, denying further service to legitimate users.

This issue affects Interchange 5.4.1 and prior versions.

Interchange HTTP POST Requests Denial Of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Interchange HTTP POST Requests Denial Of Service Vulnerability

Solution:
The vendor has released version 5.4.2 to address this issue; please see the references for details.

Interchange HTTP POST Requests Denial Of Service Vulnerability

References:

• Interchange Download (Interchange)
  
• Interchange Homepage (Interchange)
  
• Version 5.4.2 Release Notes (Interchange)