OSVDB ID: 10505

Title: ColdFusion Server Web Publish Example Script Access Restriction Bypass

Info

Disclosure

Aug 07, 2001

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

The 'Web Publish' example script in ColdFusion Server contains a flaw that may allow a remote attacker to bypass access restrictions. The issue is triggered when sending a HTTP request with a spoofed Host variable in the HTTP header. It is possible that the flaw may allow a remote attacker to upload and execute malicious files resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Remove the CFDOCS directory.

Products

Macromedia, Inc.	ColdFusion Server for Windows	4.x
		3.x
		2.x
	ColdFusion Server for Solaris	4.x
	ColdFusion Server for HP-UX	4.x
	ColdFusion Server for Linux	4.5.x

References

Security Tracker: 1002158
Related OSVDB ID: 10592
CVE ID: 2001-0535 (see also: NVD)
Bugtraq ID: 3154
ISS X-Force ID: 6790
Vendor URL: http://www.macromedia.com/
Vendor Specific Advisory URL: http://www.macromedia.com/devnet/security/security_zone/mpsb01-08.html
Other Advisory URL: http://xforce.iss.net/xforce/alerts/id/advise92

Credit

Mark Dowd - Avertavertlabs.com - McAfee Avert(tm) Labs

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Macromedia, Inc.

ColdFusion Server for Windows

ColdFusion Server for Solaris

ColdFusion Server for HP-UX

ColdFusion Server for Linux

References

Credit