[NT] Patch Available for Default Missing Template page in ColdFusion MX
From: support@securiteam.comDate: 06/19/02
- Previous message: support@securiteam.com: "[TOOL] Systrace - Interactive Policy Generation for System Calls"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Wed, 19 Jun 2002 08:46:51 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Patch Available for Default Missing Template page in ColdFusion MX
------------------------------------------------------------------------
SUMMARY
The default Missing Template handler in ColdFusion MX displays the missing
template URI without checking the filename for invalid characters. This
may allow a filename to contain executable JavaScript strings. This
vulnerability is also sometimes called "Cross Site Scripting".
DETAILS
Vulnerable systems:
* ColdFusion MX (English release, All Editions, All Platforms)
Macromedia's ColdFusion MX comes with a default 404 error page. This 404
Solution:
2) Install the patch. The patch consists of a replacement template which
* Windows:
ADDITIONAL INFORMATION
The information has been provided by <mailto:ORY.SEGAL@SANCTUMINC.COM>
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
====================
DISCLAIMER:
error page presents the path of the file requested, and does not filter it
for hazardous characters, which might be used for a cross site scripting
attack. For example, the following requests will pop-up a message
containing the current session cookies:
http://CF_MX_SERVER/
Customers should either:
1) Create their own Missing Template Handler and specify this handler in
the Settings page of ColdFusion Administrator. This handler should not
display the missing URI
can be downloaded from can be downloaded from
<http://download.macromedia.com/pub/security_zone/cfmx/MPSB02-03.zip>
MPSB02-03: Security Update. This file is a replacement for:
{installation_directory}\CFusionMX\wwwroot\WEB-INF\exception\detail.cfm
* Unix:
{installation_directory}/CFusionMX/wwwroot/WEB-INF/exception/detail.cfm
Ory Segal.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
Relevant Pages
... Both vulnerabilities are know as cross site scripting. ... The server
variables issue was reported by David Caylor. ... The security team whishes to thank
Dave, Morten Wulff, Brenda Wallace, ... (Bugtraq)
... SECURITY at MORITZ hyphon NAUMANN d0t COM ... WebScarab is subject to
a client side script code injection ... Cross Site Scripting, also known as XSS
or CSS, describes ... (Full-Disclosure)
... SECURITY at MORITZ hyphon NAUMANN d0t COM ... WebScarab is subject to
a client side script code injection ... Cross Site Scripting, also known as XSS
or CSS, describes ... (Bugtraq)
... You are taking a terribly narrow view of security. ... worse) your server.
... Google around for cross site scripting exploits. ... your 'secure' web UI's
techniques and can be _very_ nasty. ... (comp.databases.pick)
... SECURITY at MORITZ hyphon NAUMANN d0t COM ... WebScarab is subject to
a client side script code injection ... Cross Site Scripting, also known as XSS
or CSS, describes ... (Full-Disclosure)
