InterSystems Cache Login Page Redirection Unauthorized Data Manipulation Vulnerability

Bugtraq ID:	25408
Class:	Access Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jul 18 2007 12:00AM
Updated:	Aug 31 2007 06:52PM
Credit:	The vendor disclosed this issue.
Vulnerable:	InterSystems Cache 2007.1.1 .420.0 InterSystems Cache 2007.1 .369.0
Not Vulnerable:

InterSystems Cache Login Page Redirection Unauthorized Data Manipulation Vulnerability

InterSystems Cache is prone to a vulnerability that may allow remote attackers to manipulate data. This may aid in further attacks.

Cache 2007.1.0.369.0 and 2007.1.1.420.0 are vulnerable to this issue.

InterSystems Cache Login Page Redirection Unauthorized Data Manipulation Vulnerability

Attackers use a browser to exploit this issue.

InterSystems Cache Login Page Redirection Unauthorized Data Manipulation Vulnerability

Solution:
The vendor has released a fix to address this issue. Please see the references for more information.


InterSystems Cache 2007.1 .369.0

• InterSystems Adhoc5655.zip
  http://www.intersystems.com/support/Adhoc5655.zip

InterSystems Cache 2007.1.1 .420.0

• InterSystems Adhoc5655.zip
  http://www.intersystems.com/support/Adhoc5655.zip

InterSystems Cache Login Page Redirection Unauthorized Data Manipulation Vulnerability

References:

• Caché News, Alerts, and Advisories (InterSystems)
  
• InterSystems Caché: Post-relational Database Homepage (InterSystems)