Macromedia ColdFusion Double-Encoded URL Processing Discloses Files to Remote Users
|
|
SecurityTracker Alert ID: 1017490 |
|
SecurityTracker URL: http://securitytracker.com/id/1017490
|
|
CVE Reference:
CVE-2006-5858
(Links to External Site)
|
Date: Jan 10 2007
|
Impact:
Disclosure of system information, Disclosure of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 7.0.2 and prior versions, using ISS only
|
Description:
A vulnerability was reported in Macromedia ColdFusion. A remote user can view certain files on the target system.
A remote user can supply a specially crafted URL with a double-encoded null byte and an extension that is handled by ColdFusion (e.g., '.cfm') to view the contents of arbitrary files that are not processed by ColdFusion.
Only Windows-based systems running IIS are affected.
The vulnerability exists because URL encoded filenames are decoded by the IIS process and then again by the ColdFusion process.
The vendor was notified on November 8, 2006.
Inge Henriksen reported this vulnerability via iDefense.
|
Impact:
A remote user can view the contents of certain files on the target system.
|
Solution:
The vendor has described a fix for versions 7.01 and 7.02 in their advisory.
The Adobe advisory is available at:
http://www.adobe.com/support/security/bulletins/apsb07-02.html
|
Vendor URL: www.adobe.com/support/security/bulletins/apsb07-02.html (Links to External Site)
|
Cause:
Access control error, Input validation error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 10 Jan 2007 00:17:44 -0500
Subject: Patch available for ColdFusion MX 7 information disclosure issue
|
http://www.adobe.com/support/security/bulletins/apsb07-02.html
CVE-2006-5858
|
|
