Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:IIS:COLDFUSION-INFOLEAK |
|---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
ColdFusion MX 6.1 Information Disclosure |
Release Date |
2005/02/16 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: ColdFusion MX 6.1 Information Disclosure
This signature detects attempts to exploit a known flaw in ColdFusion application server. A successful attack can lead to unauthorized information disclosure.
Extended Description
Multiple vulnerabilities are reported in Macromedia JRun. The first vulnerability is reported to exist in an insecure implementation of a session variable, 'JSESSIONID'. This vulnerability allows remote attackers to bypass authentication checks, and may possibly allow them to gain administrative access to the web application. The second issue is a source code disclosure vulnerability. This vulnerability allows attackers to retrieve the contents of potentially sensitive script files. This may aid them in further attacks. The third issue is a buffer overflow vulnerability allowing remote attackers to reportedly crash affected servers. Versions 3.0, 3.1, and 4.0 are reportedly affected by these vulnerabilities.
Affected Products
- Hitachi cosminexus_enterprise_enterprise_edition 01-01 (*1)
- Hitachi cosminexus_enterprise_enterprise_edition 01-02 (*2)
- Hitachi cosminexus_enterprise_standard_edition 01-01 (*1)
- Hitachi cosminexus_enterprise_standard_edition 01-02 (*2)
- Hitachi cosminexus_server_web_edition 01-01 (*1)
- Hitachi cosminexus_server_web_edition 01-02 (*2)
- Macromedia coldfusion_mx 6.0.0
- Macromedia coldfusion_mx 6.1.0
- Macromedia coldfusion_mx_j2ee 6.1.0
- Macromedia jrun 3.0.0
- Macromedia jrun 3.1.0
- Macromedia jrun 4.0.0
References
- BugTraq: 11245
- CVE: CVE-2004-0928
- URL: http://www.kb.cert.org/vuls/id/584958