ColdFusion MX 6.1 on IIS File Contents Disclosure

Posted: 2007-05-25
 Summary
ColdFusion is "a programming language based on standard HTML that is used to write dynamic webpages. When a page in a ColdFusion application is requested by a browser, it is automatically pre-processed by the ColdFusion Application Server".

Remote exploitation of an input validation error in ColdFusion MX 6.1 on IIS allows the disclosure of file contents.

 Details
Vulnerable Systems:
 * ColdFusion MX version 6.1 on IIS

By supplying the name of a file not 'associated' with the ColdFusion plugin and appending ;.cfm or any other extension that is associated with ColdFusion, it may be possible to view the contents of files that would otherwise be protected by IIS's access restrictions.
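
A detection check for the request shape described above, added here as an example (not part of the iDEFENSE advisory): it scans IIS W3C extended log lines for a URI whose last segment is a non-ColdFusion file name with ;.cfm or another mapped extension appended. The extension set, the function names and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

# Assumption: extensions mapped to ColdFusion on this server. The advisory
# names *.cfm and *.jsp ("etc."); extend the set to match the real mappings.
CF_EXTENSIONS = {"cfm", "jsp"}

def is_suspicious_path(uri_stem):
    """True for '<file>;.<cf-ext>' where <file> itself is not ColdFusion-mapped."""
    # Decode first so an encoded semicolon (%3B) is treated like a literal one.
    segment = unquote(uri_stem).rsplit("/", 1)[-1]
    name, sep, appended = segment.rpartition(";.")
    if not sep or not name or appended.lower() not in CF_EXTENSIONS:
        return False
    real_ext = posixpath.splitext(name)[1].lstrip(".").lower()
    return real_ext not in CF_EXTENSIONS

def scan_w3c_log(lines):
    """Return (client_ip, uri_stem, status) for each matching request."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "")
        if is_suspicious_path(stem):
            hits.append((row.get("c-ip", "-"), stem, row.get("sc-status", "-")))
    return hits

# Constructed sample log (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2004-10-06 09:14:02 192.0.2.10 GET /index.cfm - 200
2004-10-06 09:14:09 192.0.2.44 GET /admin/settings.ini;.cfm - 200
2004-10-06 09:15:30 192.0.2.44 GET /data/users.mdb%3B.CFM - 200
2004-10-06 09:16:11 192.0.2.10 GET /reports/q3.cfm id=7 200
""".splitlines()

if __name__ == "__main__":
    for ip, stem, status in scan_w3c_log(SAMPLE_LOG):
        # A 2xx status means the server answered the request with content.
        print(f"{ip} {status} {stem}")
```

A hit with a 2xx status on a file that IIS is configured to deny is the case to investigate first.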

Impact:
This vulnerability may expose sensitive files stored under the webroot, bypassing access restrictions set in the IIS management system. In order for the file to be read, it must be accessible to the user ColdFusion is executing as. This vulnerability still requires knowledge of the existence of a file of interest. It does not expose the directory listing.

Workaround:
Change the mapping rules for ColdFusion handled files to refer to specific files instead of the default *.cfm, *.jsp, etc. It is also possible to mitigate against exploitation by not storing sensitive information within the webroot of any server. Storing the information outside of the webroot may require changes to applications.

Vendor response:
MPSB04-09 - Cumulative Security Patch available for ColdFusion MX: http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html

CVE Information:
CAN-2004-0928

Disclosure timeline:
07/08/2004 Initial vendor notification
07/08/2004 iDEFENSE clients notified
07/09/2004 Initial vendor response
10/05/2004 Public disclosure

 Additional information
The information has been provided by iDEFENSE. The original article can be found at: http://www.idefense.com/application/poi/display?id=148&type=vulnerabilities

Reposted from: http://www.ltesting.net