GEN:SID 1:907
Message WEB-COLDFUSION addcontent.cfm access
Summary This event is generated when an attempt is made to access an Example
application on a Coldfusion 4.x server. The 'Web Publish Example Script'
can be exploited to allow the attacker to upload an arbitrary file to
the server.
Impact Serious. The vulnerability allows custom code to be uploaded to the
server.
Detailed Information ColdFusion (Macromedia, formerly Allaire) web servers have several
default Example applications installed that have vulnerabilities.  The
'Web Publish Example script' application can be exploited to allow the
uploading of arbitrary files.

See Macromedia Security Bulletin (MPSB01-08) for complete information.
Affected Systems ColdFusion versions 2.x, 3.x, 4.x for Windows
    ColdFusion versions 4.x for Solaris, HP-UX
    ColdFusion versions 4.5.x for Linux
    Expression Evaluator Patch (ASB99-01)
Attack Scenarios The web application allows file uploading via a URL like this:

http://www.target.com/CFDOCS/exampleapps/publish/admin/addcontent.cfm

Once the file has been uploaded, it can be executed by crafting a 2nd
URL to the uploaded file.
Ease of Attack Simple.
Corrective Action Delete all example code.  This is one of several significant
vulnerabilities that are exploitable if the example code is left on a
production server.
Additional References Macromedia Security Bulletin (MPSB01-08)
http://www.macromedia.com/devnet/security/security_zone/mpsb01-08.html

CAN-2001-0535
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0535