Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:906 |
Message | WEB-COLDFUSION getfile.cfm access |
Summary | This event is generated when an attempt is made to access an Example application on a Coldfusion 4.x server. |
Impact | Serious. The vulnerability is not limited to files in the webspace, so system files or additional unexecuted code files could be retrieved and examined for vulnerabilities. |
Detailed Information | ColdFusion (Macromedia, formerly Allaire) web servers have several default Example applications installed that have vulnerabilities. The email application can be exploited to allow remote viewing of arbitrary files. |
Affected Systems | ColdFusion versions 2.x, 3.x, 4.x for Windows ColdFusion versions 4.x for Solaris, HP-UX ColdFusion versions 4.5.x for Linux |
Attack Scenarios | The example application file cfdocs/exampleapp/email/getfile.cfm can accept URL-mangled requests like: http://www.server.com/cfdocs/exampleapp/email/getfile.cfm?filename=c:\boot.ini This allows trivial remote retrieval of any file on the server. |
Ease of Attack | Simple. |
Corrective Action | Delete all example code. This is one of several significant vulnerabilities that are exploitable if the example code is left on a production server. |
Additional References | CAN-2001-0535 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0535 Macromedia Security Bulletin (MPSB01-08) http://www.macromedia.com/devnet/security/security_zone/mpsb01-08.html |
Rule References | bugtraq: 229 cve: 1999-0800 cve: 2001-0535 |
--
DID:163622
--
http://www.aanval.com/