ColdFusion MX Cross Site Scripting vulnerability
From: Ory Segal (ORY.SEGAL@SANCTUMINC.COM)
Date: 06/18/02
From: Ory Segal <ORY.SEGAL@SANCTUMINC.COM>
To: "'WebAppSec (E-mail)'" <webappsec@securityfocus.com>, "'BugTraq (E-mail)'" <BUGTRAQ@SECURITYFOCUS.COM>, "'Penetration Testing (E-mail)'" <PEN-TEST@SECURITYFOCUS.COM>
Date: Tue, 18 Jun 2002 10:15:39 -0700
==> Macromedia ColdFusion MX Cross site scripting vulnerability <==
=> Author: Ory Segal, Sanctum Inc.
=> Release date: 18/06/2002 (vendor was notified at: 03/06/2002)
=> Vendor: Macromedia ( http://www.macromedia.com )
=> Product:
- Macromedia ColdFusion MX (ColdFusion Server version: 6.0.0.46617)
- Notes:
[1] The vulnerabilities were tested on the evaluation version.
[2] The ColdFusion server was tested on Win2K (SP2) + IIS/5.0
=> Severity: High
=> CVE candidate: Not assigned
=> Summary:
A "Cross Site Scripting" vulnerability exists when requesting a non-existent ".cfm" file.
=> Description:
Macromedia's ColdFusion MX comes with a default 404 error page.
This 404 error page presents the path of the file requested, and does not filter it for hazardous characters, which might be used for a cross site scripting attack.
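
The unfiltered echo described above, modelled next to an HTML-encoding fix, as an added example (Python, not ColdFusion's own code and not part of the original advisory). The page template, function names and probe paths are constructed for illustration.

```python
import html
from urllib.parse import unquote

# Constructed stand-in for an error page that displays the requested path.
TEMPLATE = ("<html><body><h1>404 Not Found</h1>"
            "<p>File not found: {path}</p></body></html>")

# Constructed probe paths: harmless markup, an ampersand, and a plain name.
PROBES = [
    "/missing%3Cb%3Eprobe%3C/b%3E.cfm",
    "/a&b.cfm",
    "/plain.cfm",
]

def render_404_unfiltered(raw_path):
    """Behaviour the advisory describes: the path is written out as-is."""
    return TEMPLATE.format(path=unquote(raw_path))

def render_404_encoded(raw_path):
    """Hardened form: HTML-encode the decoded path before output."""
    return TEMPLATE.format(path=html.escape(unquote(raw_path), quote=True))

def reflects_markup(page, raw_path):
    """True if the path carries HTML metacharacters and the page
    contains it verbatim, i.e. the browser would parse it as markup."""
    decoded = unquote(raw_path)
    has_meta = any(c in decoded for c in "<>\"'&")
    return has_meta and decoded in page

def audit(render):
    """Run every probe through a renderer; return the probes echoed unencoded."""
    return [p for p in PROBES if reflects_markup(render(p), p)]

if __name__ == "__main__":
    for name, fn in [("unfiltered", render_404_unfiltered),
                     ("encoded", render_404_encoded)]:
        hits = audit(fn)
        print(f"{name}: {len(hits)} probe(s) reflected unencoded: {hits}")
```

The same `reflects_markup` check can be applied to response bodies captured from your own server's error pages.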
For example, the following request will pop up a message containing the current session cookies: