Analyst readout for executives and security teams
Plain-English summary
Interchange versions before 5.0.1 could let a remote attacker use a specially formed HTTP request to reveal internal variables and access or change sensitive SQL-related information. For an exposed e-commerce system, this is a serious confidentiality and integrity issue, even though the source bundle provides no CVSS score.
Executive priority
Prioritize quickly if Interchange supports storefront, order, customer, or database-backed workflows. The business risk is unauthorized disclosure or modification of sensitive commerce data. If Interchange is not present, close as not applicable after inventory confirmation.
Technical view
The issue is tied to Interchange URL handling: an HTTP request ending in "__SQLUSER__" can expose arbitrary variables and allow reading or modifying sensitive SQL information. The bundle identifies affected versions as Interchange before 5.0.1. No exploit code, patch details beyond the version boundary, or CVSS metrics are included.
Likely exposure
Exposure is most likely where legacy Interchange installations before 5.0.1 remain reachable over HTTP. Organizations not running Interchange, or running maintained versions after 5.0.1, are unlikely to be affected based on the provided sources.
Exploitation context
The bundle describes remote attackability via HTTP, but does not show active exploitation. The CVE is not marked as KEV. Treat exploit status as unknown unless internal telemetry or vendor intelligence indicates attempts against Interchange paths.
Researcher notes
Evidence is sparse but consistent: the CVE description, ICDevGroup references, SecurityFocus, IBM X-Force, Secunia, and Debian advisory all point to Interchange before 5.0.1. The bundle does not provide CVSS, CWE, affected CPEs, or detailed patch mechanics.
Mitigation direction
- Identify any Interchange deployments and confirm exact versions.
- Upgrade Interchange instances older than 5.0.1 according to vendor or distribution guidance.
- Review Debian DSA-471 if using Debian-packaged Interchange.
- Restrict public access to legacy Interchange systems until remediation is complete.
- Check vendor advisories for any configuration-specific guidance.
Validation and detection
- Confirm no internet-facing Interchange instance reports a version before 5.0.1.
- Review web logs for requests ending with "__SQLUSER__".
- Check SQL access logs for unexpected reads or modifications around suspicious HTTP activity.
- Verify package or application inventory against the Interchange version boundary.
- Document whether each exposed host is upgraded, retired, or isolated.
Public sources used
Based on public source material and reviewed before publication.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CVE-2004-0374 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Unknown
- CVSS
- Not scored
- Known Exploited
- No
- Published
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS and timeline data
No CVSS vectors or timeline events were available in the normalized CVE source material.
Source materials
- CVE List V5 sourceCVE List V5
- [interchange-announce] 20040329 Security Problem in InterchangeCVE reference · mailing-list, x_refsource_MLIST
- 10005CVE reference · vdb-entry, x_refsource_BID
- http://ftp.icdevgroup.org/interchange/5.0/WHATSNEWCVE reference · x_refsource_CONFIRM
- interchange-url-obtain-information(15670)CVE reference · vdb-entry, x_refsource_XF
- 11234CVE reference · third-party-advisory, x_refsource_SECUNIA
- DSA-471CVE reference · vendor-advisory, x_refsource_DEBIAN
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
