SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   Adobe ColdFusion Vendors:   Adobe Systems Incorporated
Macromedia ColdFusion Double-Encoded URL Processing Discloses Files to Remote Users
SecurityTracker Alert ID:  1017490
SecurityTracker URL:  http://securitytracker.com/id/1017490
CVE Reference:   CVE-2006-5858   (Links to External Site)
Date:  Jan 10 2007
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7.0.2 and prior versions, using ISS only
Description:   A vulnerability was reported in Macromedia ColdFusion. A remote user can view certain files on the target system.

A remote user can supply a specially crafted URL with a double-encoded null byte and an extension that is handled by ColdFusion (e.g., '.cfm') to view the contents of arbitrary files that are not processed by ColdFusion.

Only Windows-based systems running IIS are affected.

The vulnerability exists because URL encoded filenames are decoded by the IIS process and then again by the ColdFusion process.

The vendor was notified on November 8, 2006.

Inge Henriksen reported this vulnerability via iDefense.

Impact:   A remote user can view the contents of certain files on the target system.
Solution:   The vendor has described a fix for versions 7.01 and 7.02 in their advisory.

The Adobe advisory is available at:

http://www.adobe.com/support/security/bulletins/apsb07-02.html

Vendor URL:  www.adobe.com/support/security/bulletins/apsb07-02.html (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC