[ic] Security Problem in Interchange
jon at endpoint.com
Mon Mar 29 19:43:53 EST 2004
On Mon, 29 Mar 2004, Grant wrote:
> So I am safe without the patch if I don't use
> @@MV_PREV_PAGE@@ and [subject] at all?
At least for the particular exploit that has been discussed. It's possible
there are other pages that use @@MV_PREV_PAGE@@ or [subject] that could be
vulnerable, and protecting against the unknown is what the patch is good
for. But for a quick fix against this particular problem, yes, scrubbing
special_pages/missing.html seems to do the trick.
More information about the interchange-users