SecurityTracker.com
SecurityTracker
Archives
Category:   Application (Generic)  >   Macromedia ColdFusion
Vendors:   Adobe Systems Incorporated
Adobe ColdFusion Input Validation Hole Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1025012
SecurityTracker URL:  http://securitytracker.com/id/1025012
CVE Reference:   CVE-2011-0733, CVE-2011-0734
Updated:  Feb 10 2011
Original Entry Date:  Jan 28 2011
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Exploit Included:  Yes  

Description:   A vulnerability was reported in Adobe ColdFusion. A remote user can conduct cross-site scripting attacks. A remote user can determine the installation path.

A remote user can supply a specially crafted request to obtain information about the target page's SQL query and the page's installation path.

A demonstration exploit is provided:

http://[target]/page.cfm?id=-

A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the ColdFusion software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A demonstration exploit URL is provided:

http://[target]/page.cfm?id=%3Cbody%20onload=alert(document.cookie)%3E

The vendor was notified on November 16, 2010.

MustLive reported this vulnerability.

[Editor's note: A user has reported testing this on several servers and applications and being unable to reproduce the vulnerability.]
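The two defects the description attributes to the affected page are a reflected parameter and a verbose error path. The following is an added illustration, not code from the advisory, from Adobe, or from the reporter: it models a `page.cfm`-style handler that reflects `id` unencoded and leaks its query and install path on a malformed value, places a hardened handler beside it (integer validation, HTML encoding, a generic error page), and runs a small check over constructed web-server log lines that flags the two request shapes quoted above. The install path, the SQL text, the log format and the client address are all assumed for the example.

```python
"""Added example: reflected XSS / error-based disclosure via a page's `id`
parameter, a hardened handler, and a log check for the request shapes
shown in the advisory. Server-side details are constructed, not Adobe's."""
import html
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Hypothetical values standing in for what a verbose error page might reveal.
INSTALL_PATH = "/opt/coldfusion/wwwroot/page.cfm"          # constructed
QUERY_TEMPLATE = "SELECT * FROM items WHERE id = {value}"  # constructed


def vulnerable_page(id_value: str) -> str:
    """Model of the weak behaviour: `id` is reflected without encoding, and a
    non-numeric value triggers an error page that echoes the query (with the
    raw input inside it) and the script's installation path."""
    try:
        int(id_value)
    except ValueError:
        return ("Error executing database query<br>"
                + QUERY_TEMPLATE.format(value=id_value)
                + f"<br>in {INSTALL_PATH}")
    return f"<html><body>Item {id_value}</body></html>"


def hardened_page(id_value: str) -> str:
    """Hardened counterpart: accept only a short run of digits, return a
    generic error otherwise, and still HTML-encode the value on output
    (defence in depth should the validation rule ever be loosened)."""
    if not re.fullmatch(r"[0-9]{1,10}", id_value or ""):
        return "<html><body>Invalid request.</body></html>"
    return f"<html><body>Item {html.escape(id_value)}</body></html>"


# Markup or event-handler fragments that have no business in a numeric id.
SUSPICIOUS = re.compile(
    r"<\s*(script|body|img|svg|iframe)\b|\bon[a-z]+\s*=|document\.cookie", re.I)
REQUEST_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def flag_request(log_line: str) -> Optional[dict]:
    """Parse one combined-format access-log line and report an `id` value
    that carries markup (likely XSS probe) or is not purely numeric (the
    error-disclosure shape). Returns None for an unremarkable request."""
    m = REQUEST_LINE.search(log_line)
    if not m:
        return None
    # parse_qs percent-decodes, so %3Cbody%20onload=... becomes <body onload=...
    for value in parse_qs(urlsplit(m.group(1)).query).get("id", []):
        if SUSPICIOUS.search(value):
            return {"reason": "xss-pattern", "id": value}
        if not value.isdigit():
            return {"reason": "non-numeric-id", "id": value}
    return None


def audit(log_lines) -> list:
    """Run flag_request over a batch of lines, keeping only the hits."""
    return [hit for hit in map(flag_request, log_lines) if hit]


# Constructed sample log lines (documentation-range client address).
LOG_LINES = [
    '203.0.113.5 - - [28/Jan/2011:21:44:52 +0200] "GET /page.cfm?id='
    '%3Cbody%20onload=alert(document.cookie)%3E HTTP/1.1" 200 512',
    '203.0.113.5 - - [28/Jan/2011:21:44:53 +0200] "GET /page.cfm?id=- HTTP/1.1" 500 981',
    '198.51.100.7 - - [28/Jan/2011:21:45:10 +0200] "GET /page.cfm?id=42 HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for hit in audit(LOG_LINES):
        print(hit)
```

In a real deployment the validation belongs in the CFML template (or a request filter in front of it) and the verbose error handler should be replaced by a generic page with details written only to a server-side log; the log check is a cheap way to confirm whether the probing shapes shown above have been seen against a site while a vendor fix is pending.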

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the ColdFusion software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A remote user can determine the installation path.

Solution:   No solution was available at the time of this entry.
Vendor URL:  www.adobe.com/
Cause:   Access control error, Input validation error
Underlying OS:   Linux (Any), UNIX (AIX), UNIX (OS X), UNIX (Solaris - SunOS), Windows (2000), Windows (2003), Windows (Vista), Windows (XP)

Message History:   None.


Source Message Contents

Date:  Fri, 28 Jan 2011 21:44:52 +0200
Subject:  [Full-disclosure] Vulnerabilities in Adobe ColdFusion

Copyright 2014, SecurityGlobal.net LLC