SecurityTracker.com
SecurityTracker Archives

Category:   Application (Web Server/CGI)  >   Adobe ColdFusion
Vendors:   Macromedia
Macromedia ColdFusion MX Updater Discloses '.class' Files to Remote Users
SecurityTracker Alert ID:  1013663
SecurityTracker URL:  http://securitytracker.com/id/1013663
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Apr 8 2005
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): MX 6.1
Description:   A vulnerability was reported in Macromedia ColdFusion MX Updater. A remote user can obtain '.class' files.

The Updater's configuration causes the compiled Java '.class' files generated from '.cfm' and '.cfc' files to be stored in a '/WEB-INF/cfclasses' directory that sits under the web server's document root. Because the front-end web server serves that directory as ordinary static content, a remote user can download the compiled classes with plain HTTP requests.

The ColdFusion 6.1 Updater 1 is affected. ColdFusion 7.0 is not affected.

The vendor credits Sean Waddell from ESP Group with reporting this vulnerability.

Impact:   A remote user can obtain '.class' files from the target system.
Solution:   The vendor plans to issue a fix in the next updater.

The vendor has described the following workaround [quoted]:

J2EE Configuration - ColdFusion MX 6.1 for JRun4

1. Stop all ColdFusion MX 6.1 servers.
2. Install the ColdFusion MX 6.1 Updater.

If the ColdFusion MX 6.1 updater has previously been applied, delete the existing /WEB-INF/ directory under the web server root.

For Microsoft IIS, the default is /inetpub/wwwroot/; for Apache, /apache/htdocs/; and for iPlanet/SunONE, /{iPlanet | SunOne}/servers/docs/.
3. Create the {jrun_root}/servers/cfusion/cfusion-ear/cfusion-war/WEB-INF/cfclasses directory
4. Start ColdFusion MX 6.1 servers.

Observe that when .cfm files are invoked, the .class files are placed in the {jrun_root}/servers/cfusion/cfusion-ear/cfusion-war/WEB-INF/cfclasses directory.
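As an added check (this is example code, not part of the advisory or of Macromedia's Updater), the following Python script audits an installation for the condition described above: it lists any compiled '.class' files under a WEB-INF/cfclasses directory inside the web server document root, which is exactly what a remote user can fetch, and confirms that after the workaround the classes land under the JRun cfusion-war's WEB-INF instead. The directory layout and the class-file name 'cfindex2ecfm.class' used in the demo are constructed for illustration, not taken from a real server.

```python
# Added example (not vendor code): audit a ColdFusion MX 6.1 install for the
# exposed-'.class' condition described in this alert, and confirm the vendor
# workaround (classes written under the JRun cfusion-war WEB-INF) took effect.
# All paths and file names below are constructed for the demo, not captured
# from a real server; the generated class-file name is hypothetical.
import os
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# Directory the Updater writes compiled .cfm/.cfc classes into.
CFCLASSES = ("WEB-INF", "cfclasses")


def find_exposed_classes(docroot: str) -> List[str]:
    """List compiled .class files under any WEB-INF/cfclasses inside the web
    server document root, as docroot-relative POSIX paths.

    A servlet container refuses requests for /WEB-INF/, but a front-end web
    server (IIS, Apache, iPlanet) serving the same directory as static files
    does not, so every hit here is retrievable by an unauthenticated GET.
    """
    root = Path(docroot)
    hits = []
    for path in root.rglob("*.class"):
        parts = path.relative_to(root).parts
        # Match .../WEB-INF/cfclasses/<name>.class at any depth.
        if len(parts) >= 3 and parts[-3:-1] == CFCLASSES:
            hits.append("/".join(parts))
    return sorted(hits)


def audit(docroot: str, war_root: str) -> Dict[str, object]:
    """Report where compiled classes are landing.

    war_root is the JRun WAR directory named in the vendor workaround,
    {jrun_root}/servers/cfusion/cfusion-ear/cfusion-war. The install is
    considered vulnerable whenever any .class file is reachable via docroot.
    """
    exposed = find_exposed_classes(docroot)
    war_dir = Path(war_root).joinpath(*CFCLASSES)
    in_war = sorted(p.name for p in war_dir.glob("*.class")) if war_dir.is_dir() else []
    return {
        "vulnerable": bool(exposed),
        "exposed": exposed,
        "war_cfclasses_exists": war_dir.is_dir(),
        "classes_in_war": in_war,
    }


def build_fixture(base: str, fixed: bool) -> Tuple[str, str]:
    """Create a constructed directory layout mimicking the two states.

    fixed=False: Updater 1 as shipped, classes under <docroot>/WEB-INF/cfclasses.
    fixed=True : after the workaround, classes under the WAR's WEB-INF/cfclasses.
    Returns (docroot, war_root). 'cfindex2ecfm.class' is a made-up file name.
    """
    docroot = os.path.join(base, "inetpub", "wwwroot")
    war_root = os.path.join(base, "jrun4", "servers", "cfusion",
                            "cfusion-ear", "cfusion-war")
    target = Path(war_root if fixed else docroot).joinpath(*CFCLASSES)
    target.mkdir(parents=True, exist_ok=True)
    Path(docroot).mkdir(parents=True, exist_ok=True)
    (Path(docroot) / "index.cfm").write_text("<cfoutput>hi</cfoutput>")
    (target / "cfindex2ecfm.class").write_bytes(b"\xca\xfe\xba\xbe")  # Java class magic
    return docroot, war_root


def demo() -> Dict[str, Dict[str, object]]:
    """Run the audit against both constructed layouts and return the reports."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for label, fixed in (("updater1_default", False), ("after_workaround", True)):
            docroot, war_root = build_fixture(os.path.join(tmp, label), fixed)
            results[label] = audit(docroot, war_root)
    return results


if __name__ == "__main__":
    for label, report in demo().items():
        state = "VULNERABLE" if report["vulnerable"] else "ok"
        print(f"{label}: {state} exposed={report['exposed']} "
              f"war_classes={report['classes_in_war']}")
```

On a real host, call audit() with the web server document root from the workaround text (for example /inetpub/wwwroot/) and the cfusion-war path; any entry in "exposed" is a file a remote user can download. Independently of the vendor workaround, blocking requests for /WEB-INF/ at the front-end web server is a reasonable defense-in-depth step; that suggestion is the editor's, not the vendor's.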

Vendor URL:  www.macromedia.com/devnet/security/security_zone/mpsb05-02.html
Cause:   Access control error, Configuration error
Underlying OS:  Linux (Any), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000), Windows (XP)

Message History:   None.


Source Message Contents

[Original Message Not Available for Viewing]



Copyright 2019, SecurityGlobal.net LLC