[25852] in bugtraq
ColdFusion MX Cross Site Scripting vulnerability
daemon@ATHENA.MIT.EDU (Ory Segal)
Tue Jun 18 17:03:48 2002
Message-ID: <F4158E9E43A9D511BE1100065B0432497B5DB9@perfectopdc>
From: Ory Segal <ORY.SEGAL@SANCTUMINC.COM>
To: "'WebAppSec (E-mail)'" <webappsec@securityfocus.com>,
"'BugTraq (E-mail)'" <BUGTRAQ@securityfocus.com>,
"'Penetration Testing (E-mail)'" <PEN-TEST@securityfocus.com>
Date: Tue, 18 Jun 2002 10:15:39 -0700
==> Macromedia ColdFusion MX Cross site scripting vulnerability <==
=> Author: Ory Segal, Sanctum Inc.
=> Release date: 18/06/2002 (vendor was notified at: 03/06/2002)
=> Vendor: Macromedia ( http://www.macromedia.com )
=> Product:
- Macromedia ColdFusion MX (ColdFusion Server version: 6.0.0.46617)
- Notes:
[1] The vulnerabilities were tested on the evaluation version.
[2] The ColdFusion server was tested on Win2K (SP2) + IIS/5.0
=> Severity: High
=> CVE candidate: Not assigned
=> Summary:
A "Cross Site Scripting" vulnerability exists when requesting a non-existent ".cfm" file.
=> Description:
Macromedia's ColdFusion MX comes with a default 404 error page.
This 404 error page presents the path of the file requested, and does not filter it for hazardous characters, which might be used for a cross site scripting attack.
For example, the following request will pop up a message containing the current session cookies:
http://CF_MX_SERVER/<script>alert(document.cookie)</script>.cfm
=> Solution: Patch available from the vendor's web site at:
http://www.macromedia.com/v1/handlers/index.cfm?ID=23047
=> Workaround:
Change the default 404 error page associated with .cfm files to your own customized 404 error page.
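Added example, not part of the original advisory and not Macromedia's code: a Python model of a 404 page that echoes the requested path, once unfiltered as the Description states and once HTML-encoded as a customized error page could do, with a parser check showing which version lets the request add an element to the page. The template text, function names and the percent-encoded form of the advisory's URL are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Request from the advisory's example (CF_MX_SERVER is the advisory's placeholder host).
SAMPLE_URL = "http://CF_MX_SERVER/<script>alert(document.cookie)</script>.cfm"
# The same request in percent-encoded form (constructed for this example).
SAMPLE_URL_ENCODED = "http://CF_MX_SERVER/%3Cscript%3Ealert(document.cookie)%3C/script%3E.cfm"

# Hypothetical error page template; the real page's markup is not shown in the advisory.
TEMPLATE = "<html><body><h1>404 Not Found</h1><p>File not found: {path}</p></body></html>"
TEMPLATE_TAGS = {"html", "body", "h1", "p"}


def requested_path(url):
    """Decoded request path, as an error handler would receive it."""
    return unquote(urlsplit(url).path)


def render_404_unfiltered(url):
    """Behaviour the advisory describes: the path is echoed without filtering."""
    return TEMPLATE.format(path=requested_path(url))


def render_404_encoded(url):
    """Customized page: HTML-encode the path before writing it into the response."""
    return TEMPLATE.format(path=html.escape(requested_path(url), quote=True))


class TagCollector(HTMLParser):
    """Records each start tag an HTML parser finds in the page."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def injected_tags(page):
    """Elements in the rendered page that the fixed template does not contain."""
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return [t for t in collector.tags if t not in TEMPLATE_TAGS]


if __name__ == "__main__":
    for url in (SAMPLE_URL, SAMPLE_URL_ENCODED):
        print(injected_tags(render_404_unfiltered(url)), injected_tags(render_404_encoded(url)))
```

The same check can be pointed at the body of a real 404 response when verifying that the vendor patch or a customized error page is in effect.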