GEN:SID | 1:904 |
Message | WEB-COLDFUSION exampleapp application.cfm |
Summary | This event is generated when an attempt is made to access an Example application on a Coldfusion 4.x server.
|
Impact | Serious. The vulnerability is not limited to files in the webspace, so system files or additional unexecuted code files could be retrieved and examined for vulnerabilities.
|
Detailed Information | ColdFusion (Macromedia, formerly Allaire) web servers have several default Example applications installed that have vulnerabilities. The email application can be exploited to allow remote viewing of arbitrary files.
|
Affected Systems | ColdFusion versions 4.0 thru 4.5 (4.5.1 is not vulnerable), on all supported platforms
|
Attack Scenarios | The file at cfdocs/exampleapp/email/application.cfm includes a page, cfdocs/exampleapp/email/getfile.cfm, that can accept URL-mangled requests like:
http://www.server.com/cfdocs/exampleapp/email/getfile.cfm?filename=c:\boot.ini
This allows trivial remote retrieval of any file on the server.
|
Ease of Attack | Simple.
|
Corrective Action | Delete all example code. This is one of several significant vulnerabilities that are exploitable if the example code is left on a production server.
|
Additional References | CAN-2001-0535
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0535
|
Rule References | bugtraq: 1021
cve: 2000-0189
|