ColdFusion MX Cross Site Scripting vulnerability

Tue, 18 Jun 2002 13:44:15 -0700 

==> Macromedia ColdFusion MX Cross site scripting vulnerability <==

=> Author: Ory Segal, Sanctum Inc.

=> Release date: 18/06/2002 (vendor was notified at: 03/06/2002)

=> Vendor: Macromedia ( http://www.macromedia.com )

=> Product: 
        - Macromedia ColdFusion MX (ColdFusion Server version: 6.0.0.46617)
        - Notes: 
                 [1] The vulnerabilities were tested on the evaluation
version.
                 [2] The ColdFusion server was tested on Win2K (SP2) +
IIS/5.0

=> Severity: High

=> CVE candidate: Not assigned

=> Summary: 
        A "Cross Site Scripting" vulnerability exists when requesting a
non-existent
        ".cfm" file.

=> Description:
        Macromedia's ColdFusion MX comes with a default 404 error page.
        This 404 error page presents the path of the file requested, and
does not filter it
        for hazardous characters, which might be used for a cross site
scripting attack. 
        For example, the following request will pop-up a message containing
the current session
        cookies:

        http://CF_MX_SERVER/<script>alert(document.cookie)</script>.cfm 

=> Solution: Patch available from the vendor's web site at: 
             http://www.macromedia.com/v1/handlers/index.cfm?ID=23047

=> Workaround: 
        Change the default 404 error page associated with .cfm files, to
your 
        own customized 404 error page.
                                
 <<ColdFusion_MX_CSS.txt>> 

///////////////////////////////////////////////////////////////////////
========================>> Security Advisory <<========================
///////////////////////////////////////////////////////////////////////


-------------------------------------------------------------------- 
                Macromedia ColdFusion MX Cross site scripting vulnerability
--------------------------------------------------------------------

=> Author: Ory Segal, Sanctum Inc.

=> Release date: 18/06/2002 (vendor was notified at: 03/06/2002)

=> Vendor: Macromedia ( http://www.macromedia.com )

=> Product: 
        - Macromedia ColdFusion MX (ColdFusion Server version: 6.0.0.46617)
        - Notes: 
                 [1] The vulnerabilities were tested on the evaluation version.
                 [2] The ColdFusion server was tested on Win2K (SP2) + IIS/5.0
=> Severity: High

=> CVE candidate: Not assigned

=> Summary: 
        A "Cross Site Scripting" vulnerability exists when requesting a non-existent
        ".cfm" file.

=> Description:
        Macromedia's ColdFusion MX comes with a default 404 error page.
        This 404 error page presents the path of the file requested, and does not 
filter it
        for hazardous characters, which might be used for a cross site scripting 
attack. 
        For example, the following request will pop-up a message containing the 
current session
        cookies:

        http://CF_MX_SERVER/<script>alert(document.cookie)</script>.cfm 

=> Solution: Patch available from the vendor's web site at: 
             http://www.macromedia.com/v1/handlers/index.cfm?ID=23047

=> Workaround: 
        Change the default 404 error page associated with .cfm files, to your 
        own customized 404 error page.

Reply via email to