ColdFusion MX Cross Site Scripting vulnerability

From: Ory Segal (ORY.SEGALat_private)
Date: Tue Jun 18 2002 - 10:15:39 PDT


    ==> Macromedia ColdFusion MX Cross site scripting vulnerability <==
    
    => Author: Ory Segal, Sanctum Inc.
    
    => Release date: 18/06/2002 (vendor was notified at: 03/06/2002)
    
    => Vendor: Macromedia ( http://www.macromedia.com )
    
    => Product: 
            - Macromedia ColdFusion MX (ColdFusion Server version: 6.0.0.46617)
            - Notes: 
                     [1] The vulnerabilities were tested on the evaluation version.
                     [2] The ColdFusion server was tested on Win2K (SP2) + IIS/5.0
    
    => Severity: High
    
    => CVE candidate: Not assigned
    
    => Summary: 
            A "Cross Site Scripting" vulnerability exists when requesting a
            non-existent ".cfm" file.
    
    => Description:
            Macromedia's ColdFusion MX comes with a default 404 error page.
            This 404 error page presents the path of the requested file and
            does not filter it for hazardous characters, which might be used
            for a cross site scripting attack.
            For example, the following request will pop up a message
            containing the current session cookies:
    
            http://CF_MX_SERVER/>alert(document.cookie)</script>.cfm 
    
    => Solution: Patch available from the vendor's web site at: 
                 http://www.macromedia.com/v1/handlers/index.cfm?ID=23047
    
    => Workaround: 
            Change the default 404 error page associated with .cfm files, to
            your own customized 404 error page.
    				
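What the workaround's custom 404 page has to do differently from the default one, as an added example that is not part of the advisory or of Macromedia's code: a Python stand-in for an error page that echoes the requested path, first unfiltered and then HTML-encoded, plus a check for verifying the replacement page. The page template, function names and probe path are assumptions constructed for illustration.

```python
import html
from urllib.parse import unquote

# Hypothetical 404 template; only the echoed path matters here.
PAGE = "<html><body><h1>404 Not Found</h1><p>File not found: {path}</p></body></html>"

# Characters that change meaning once placed inside HTML.
HAZARDOUS = set("<>\"'&")


def render_404_unfiltered(raw_path: str) -> str:
    """Behaviour the advisory describes: the decoded path is echoed as-is."""
    return PAGE.format(path=unquote(raw_path))


def render_404_encoded(raw_path: str) -> str:
    """Customized 404 page: HTML-encode the decoded path before echoing it."""
    return PAGE.format(path=html.escape(unquote(raw_path), quote=True))


def reflects_markup(body: str, raw_path: str) -> bool:
    """True if a path containing hazardous characters appears verbatim
    (that is, without HTML encoding) in the error page body."""
    decoded = unquote(raw_path)
    if not HAZARDOUS & set(decoded):
        return False  # nothing in the path could be interpreted as markup
    return decoded in body


if __name__ == "__main__":
    # Constructed, inert probe: an unknown tag, percent-encoded as a
    # browser would send it in the request line.
    probe = "/%3Cprobe-7f3a%3E.cfm"
    for name, render in (("default-style", render_404_unfiltered),
                         ("customized", render_404_encoded)):
        verdict = "reflects raw markup" if reflects_markup(render(probe), probe) else "encoded"
        print(f"{name:14} {verdict}")
```

The same check works as a regression test against a deployed server after the patch or workaround is applied: request a non-existent `.cfm` path containing the inert probe and pass the response body to `reflects_markup`.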
    
    
    


