
Vulnerabilities in ColdFusion Example Applications

by phiber on August 9th, 2001

Internet Security Systems (ISS) X-Force has discovered multiple remote vulnerabilities in Macromedia ColdFusion. The vulnerabilities may allow remote attackers to execute arbitrary commands as a privileged user on a vulnerable ColdFusion installation.


Vulnerable versions:

ColdFusion Server for Windows 4.x

ColdFusion Server for Solaris 4.x

ColdFusion Server for HP-UX 4.x

ColdFusion Server for Linux 4.x

Non-vulnerable versions:

ColdFusion Server 5.0



Description:

Macromedia ColdFusion ships with several small "helper" applications that are meant to educate users on a small subset of ColdFusion's features. These applications are not installed by default, and Macromedia has documented and continues to recommend that production ColdFusion servers should not have the example applications installed.


ColdFusion ships with two vulnerable "Exampleapps". These applications may be queried with an ordinary Web browser. Both employ a rudimentary access check intended to block all requests except those originating from the ColdFusion server itself. A remote attacker can spoof the apparent source of the request and bypass this restriction.

Both vulnerable scripts behave like CGI (Common Gateway Interface) applications. Once the source check is bypassed, an attacker can interact with the example applications to create files, view files, or execute commands on the vulnerable target.
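To make the spoofing problem concrete, here is an added Python example; it is not code from the advisory, from ISS, or from ColdFusion. The advisory does not say which request fields the example applications compared, so the weak check below assumes a common pattern (comparing the connecting address with the client-supplied Host header) purely to show why a source check built on client-controlled data can be bypassed. The hardened check beside it uses only the peer address the server observed. Requests are modelled as CGI-style environment dictionaries, and the sample requests and addresses are constructed.

```python
"""Added example: a spoofable 'local requests only' check next to one that
is not. The weak variant's use of HTTP_HOST is an ASSUMED illustration of how
such checks fail, not the actual logic of the ColdFusion example apps."""
import ipaddress


def allowed_weak(env: dict) -> bool:
    """Weak check: accept the request when the peer address matches the host
    named in the Host header. HTTP_HOST is chosen by the client, so an attacker
    who sends 'Host: <their own address>' satisfies the comparison."""
    host = env.get("HTTP_HOST", "").split(":", 1)[0]
    return host != "" and env.get("REMOTE_ADDR") == host


def allowed_strict(env: dict) -> bool:
    """Hardened check: use only REMOTE_ADDR, which the web server fills in from
    the TCP connection, and require a loopback address. Headers such as
    X-Forwarded-For are deliberately ignored because any client can set them."""
    try:
        return ipaddress.ip_address(env.get("REMOTE_ADDR", "")).is_loopback
    except ValueError:
        return False


# Constructed sample requests (addresses taken from documentation ranges).
LOCAL_REQUEST = {"REMOTE_ADDR": "127.0.0.1", "HTTP_HOST": "127.0.0.1"}
BROWSER_REQUEST = {"REMOTE_ADDR": "198.51.100.2", "HTTP_HOST": "www.example.com"}
SPOOFED_HOST_REQUEST = {"REMOTE_ADDR": "203.0.113.7", "HTTP_HOST": "203.0.113.7"}
SPOOFED_XFF_REQUEST = {"REMOTE_ADDR": "203.0.113.7",
                       "HTTP_HOST": "www.example.com",
                       "HTTP_X_FORWARDED_FOR": "127.0.0.1"}


def compare_checks() -> dict:
    """Return {name: (weak_result, strict_result)} for the sample requests."""
    samples = {"local": LOCAL_REQUEST, "browser": BROWSER_REQUEST,
               "spoofed_host": SPOOFED_HOST_REQUEST,
               "spoofed_xff": SPOOFED_XFF_REQUEST}
    return {name: (allowed_weak(env), allowed_strict(env))
            for name, env in samples.items()}


if __name__ == "__main__":
    for name, (weak, strict) in compare_checks().items():
        print(f"{name:13s} weak={weak!s:5s} strict={strict}")
```

The weak check "works" for an ordinary browser request and for a genuine local request, which is exactly why such checks survive testing; it fails only when the attacker sets the Host header to their own address. Note that behind a reverse proxy REMOTE_ADDR is the proxy's address, so even the strict variant has to be placed where the true client address is known. In line with the advisory's solution, removing the applications is preferable to repairing the check.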


Solution:

Macromedia will not release a patch to address the vulnerabilities described in this advisory. Macromedia recommends that customers do not install example applications or documentation on production ColdFusion servers. The example applications are stored in the /CFDOCS/exampleapps directory.

Macromedia recommends that the entire /CFDOCS directory tree be removed from production servers and installed only on development installations that are not exposed to potentially hostile networks.
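Whether or not the example applications are still present, requests for the /CFDOCS tree are worth flagging in web server logs: a successful response means the tree is still deployed, and a 404 means someone is probing for it. The following is an added Python example (not from the advisory or from Macromedia) that scans NCSA/Apache combined-format log lines for such requests, normalising percent-encoding, letter case (Windows paths are case-insensitive) and dot segments before matching, so that simple evasions do not slip past. The log lines are constructed sample data.

```python
"""Added example: flag requests for the ColdFusion /CFDOCS tree in web logs.
Sample log lines below are constructed, not captured traffic."""
import posixpath
import re
from urllib.parse import unquote, urlsplit

# NCSA combined log format: ip ident user [ts] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation-range addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Aug/2001:10:15:02 +0000] "GET /CFDOCS/exampleapps/ HTTP/1.0" 200 1234',
    '203.0.113.7 - - [09/Aug/2001:10:15:09 +0000] "GET /cfdocs/ExampleApps/ HTTP/1.0" 404 512',
    '203.0.113.7 - - [09/Aug/2001:10:15:20 +0000] "GET /%43%46%44%4F%43%53/exampleapps/ HTTP/1.0" 200 1234',
    '198.51.100.2 - - [09/Aug/2001:10:16:00 +0000] "GET /index.cfm HTTP/1.0" 200 4000',
    '198.51.100.2 - - [09/Aug/2001:10:16:05 +0000] "GET /images/../CFDOCS/?x=1 HTTP/1.0" 200 77',
]


def normalize_path(target: str) -> str:
    """Reduce a request target to a comparable path: drop the query string,
    percent-decode, collapse '.' and '..' segments, and lower-case (IIS and
    Windows file systems match paths case-insensitively)."""
    path = urlsplit(target).path
    path = unquote(path)
    path = posixpath.normpath(path)
    return path.lower()


def is_exampleapps_request(target: str) -> bool:
    """True when the normalised path is the /CFDOCS tree or anything under it."""
    path = normalize_path(target)
    return path == "/cfdocs" or path.startswith("/cfdocs/")


def scan_log(lines) -> list:
    """Return (client_ip, status, normalised_path) for every /CFDOCS request.
    Unparseable lines are skipped rather than raising."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue
        if is_exampleapps_request(m["target"]):
            hits.append((m["ip"], m["status"], normalize_path(m["target"])))
    return hits


if __name__ == "__main__":
    for ip, status, path in scan_log(SAMPLE_LOG):
        print(f"{ip:15s} {status} {path}")
```

Any hit with a 200 status on a production server indicates the /CFDOCS tree has not been removed as the advisory recommends; hits with 404 still identify scanning sources. Decoding is done once here, as the web server would; if your server decodes more than once, decode accordingly before matching.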

All ColdFusion customers should familiarise themselves with the ColdFusion "Best Security Practices" document available here.



Credit for these vulnerabilities goes to Mark Dowd, ISS.

