SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   Adobe ColdFusion Vendors:   Macromedia
ColdFusion MX File Upload Disk Space Management Bug Lets Remote Users Deny Service
SecurityTracker Alert ID:  1009825
SecurityTracker URL:  http://securitytracker.com/id/1009825
CVE Reference:   CVE-2004-0407   (Links to External Site)
Updated:  Apr 22 2004
Original Entry Date:  Apr 15 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): MX 6.1
Description:   A vulnerability was reported in ColdFusion MX. A remote authenticated user can cause denial of service conditions on the target server.

Macromedia reported that a remote authenticated user can repeatedly upload files via an HTML form and interrupt each upload prior to completion to cause denial of service conditions. The server may fail to reclaim disk space allocated for each file upload, the report said.

Macromedia credits Tiffworks.com with reporting this vulnerability.

Impact:   A remote authenticated user can cause excessive disk space to be consumed on the target system, resulting in denial of service conditions.
Solution:   The vendor has released a patch, available at:

http://download.macromedia.com/pub/security/mpsb04-06.zip

For installation instructions, see the vendor's advisory at:

http://www.macromedia.com/devnet/security/security_zone/mpsb04-06.html

Vendor URL:  www.macromedia.com/devnet/security/security_zone/mpsb04-06.html (Links to External Site)
Cause:   Resource error, State error
Underlying OS:  Linux (Any), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000), Windows (XP)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC