[NEWS] Path Disclosure in Macromedia ColdFusion MX Server

support_at_securiteam.com
Date: 04/27/03

  • Next message: support_at_securiteam.com: "[NT] Buffer Overflow in Internet Explorer's HTTP Parsing Code"
    To: list@securiteam.com
    Date: 27 Apr 2003 21:37:44 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    In the US?

    Contact Beyond Security at our new California office
    housewarming rates on automated network vulnerability
    scanning. We also welcome ISPs and other resellers!

    Please contact us at: 323-882-8286 or ussales@beyondsecurity.com
    - - - - - - - - -

      Path Disclosure in Macromedia ColdFusion MX Server
    ------------------------------------------------------------------------

    SUMMARY

    Macromedia Cold Fusion MX Server is a "powerful web application server
    that lets you create robust sites and applications without a long learning
    curve". A vulnerability in the product allows a remote attacker to cause
    the product to disclose its path location.

    DETAILS

    In its default installation, the Macromedia ColdFusion MX Server starts a
    web server (jrun) on port 8500. This is mainly for administrative
    purposes. When this server is accessed with the following URL:
    http://host:8500/CFIDE/probe.cfm, an error message is displayed which
    reveals the Physical path of the location where the MX Server has been
    installed.

    Error occured in:
    C:\CFusionMX\wwwroot\CFIDE\probe.cfm:line56

    Impact:
    Like with any other Path Disclosure, this bug would only allow vital
    information to be disclosed. By itself, it will not allow for a system
    compromise, but in conjunction with some other vulnerability in a Web app
    or in the server, it might be dangerous.

    Vendor Response:
    The vendor response is that this is a feature controlled by the 'Debugging
    Settings' page in the Administrator console. [X] Enable Robust Exception
    Information. This checkbox is checked by default on a new installation to
    allow application development. For a production system, the checkbox must
    be disabled.

    Workaround:
    Disable the checkbox mentioned above in a production environment.
    Alternatively, firewall the 8500 port to disable outside access to the
    administrator's console. It looks like the old debate on feature-or-bug,
    where the default configuration is not secure out-of-the-box.

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:info@nii.co.in> Network
    Intelligence India Pvt. Ltd..

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.


  • Next message: support_at_securiteam.com: "[NT] Buffer Overflow in Internet Explorer's HTTP Parsing Code"

    Relevant Pages

    • Re: Cant Find Generic Resources
      ... I must have the standard installation because I have no link to Project ... Server (i.e. ... The generic checkbox is on the General tab of the Resource Information ...
      (microsoft.public.project)
    • [TOOL] Web Shell (WSH), Remote UNIX/WIN Shell
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Latest attack techniques. ... The package contains two perl scripts for server and client hosts: ...
      (Securiteam)
    • [NT] LiteServe Directory Index Cross-Site Scripting
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Web, email and FTP server. ... This is similar to the Apache XSS of last month. ...
      (Securiteam)
    • [NT] Directory Traversal bug in QuickFront Webserver
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Quickfront "will help you to capture emails ... directory traversal vulnerability in the product allows remote attackers ... When attacker sends a request to server in the following form: ...
      (Securiteam)
    • [NT] Apache Tomcat Denial of Service (NULL)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... - Apache Tomcat 4.1.3 beta on Windows 2000 Server ... possible to cause a working thread to hang. ... This was reported to the vendor on the 23rd of May, ...
      (Securiteam)