Info

Disclosure

Oct 04, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Macromedia ColdFusion MX contains a flaw that may allow a malicious user to get administrator password. The issue is triggered when a remote authenticated user with template creating privileges creates a template to access the administrative password, resulting in a loss of confidentiality.

Classification

Location: Unknown Location
Attack Type: Misconfiguration
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Macromedia, Inc.

ColdFusion MX

6.1

References

Security Tracker: 1011475
Secunia Advisory ID: 12693 18078
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0457.html
Vendor Specific Advisory URL: http://www.macromedia.com/devnet/security/security_zone/mpsb04-10.html
Vendor URL: http://www.macromedia.com/software/coldfusion/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218