Date: Wed May 29 2002 - 09:21:32 CDT
Procheckup Security Bulletin PR02-12
Description: Gafware's CFXImage showtemp program file
Vulnerable OS: Microsoft Windows.
Not Vulnerable OS: N/A
Platform: Microsoft Windows.
Severity: Anonymous attackers can read any files on the
server, providing the web service account has rights to
read the file.
Authors: Richard Brain [richard.brainprocheckup.com]
Vendor Status: Vendor has a patched version available.
CVE Candidate: Not assigned
CFXImage is a custom ColdFusion tag for editing and
creating images. Versions 1.6.6 and prior are vulnerable
to a directory traversal flaw.
showtemp.cfm is part of the CFXImage documentation; the
showtemp.cfm program does not filter its input variables,
allowing directory traversal and reading of files outside
Showtemp can be exploited to read the boot.ini file in the
following manner :-
Microsoft Windows, Coldfusion and CFXImage program
Anonymous attackers can gain information prior to launching
As policy all sample programs and documentation should be
removed from production servers.
Otherwise upgrade to the latest version of CFXImage, which
fixes this vulnerability.
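The bulletin says showtemp.cfm passes its input straight to the file system. The following is an added example, not code from Procheckup or from the CFXImage vendor, showing the two defender-side controls that close such a flaw: an allow-list check that confines a user-supplied file name to a fixed temp directory, and a log-review helper that flags traversal attempts against the sample page. The temp directory path, the query parameter name `file`, and the log lines are constructed assumptions; the bulletin names none of them.

```python
import os
from urllib.parse import unquote

# Constructed location for CFXImage temp files (assumption: the bulletin does not
# state where showtemp.cfm reads from).
TEMP_ROOT = "/var/www/cfximage/temp"


def resolve_temp_file(user_name: str, temp_root: str = TEMP_ROOT) -> str:
    """Return the absolute path for a temp image named by the client, or raise ValueError.

    Two layers of defence:
      1. Accept only a bare file name: no slashes, backslashes, NULs or '..' parts.
         Backslashes are rejected explicitly because os.path on POSIX does not treat
         them as separators, while the Windows target of this bulletin does.
      2. Canonicalise the joined path and confirm it still sits under temp_root, so
         anything the first check misses (symlinks, odd separators) is caught too.
    """
    if not user_name or user_name in (".", ".."):
        raise ValueError("empty or relative-only file name")
    if any(ch in user_name for ch in ("/", "\\", "\x00")):
        raise ValueError("file name must not contain path separators or NUL")
    if user_name != os.path.basename(user_name):
        raise ValueError("file name must not contain directory components")
    root = os.path.realpath(temp_root)
    candidate = os.path.realpath(os.path.join(root, user_name))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("resolved path escapes the temp directory")
    return candidate


def is_safe_temp_name(user_name: str) -> bool:
    """Boolean wrapper around resolve_temp_file for use in request handlers and tests."""
    try:
        resolve_temp_file(user_name)
        return True
    except ValueError:
        return False


TRAVERSAL_MARKERS = ("../", "..\\")


def looks_like_traversal(raw_query: str) -> bool:
    """Flag a query string containing a parent-directory step.

    Percent-decoding is applied twice so single-encoded (%2e%2e%2f) and
    double-encoded (%252e%252e%252f) forms are both normalised before matching.
    """
    decoded = unquote(unquote(raw_query))
    return any(marker in decoded for marker in TRAVERSAL_MARKERS)


# Constructed IIS W3C-style log lines (not from the bulletin); the 'file' parameter
# name is an assumption.
SAMPLE_LOG = [
    "2002-05-29 09:21:32 10.0.0.5 GET /cfximage/showtemp.cfm file=img123.jpg 200",
    "2002-05-29 09:21:40 10.0.0.5 GET /cfximage/showtemp.cfm file=..%2F..%2F..%2Fboot.ini 200",
    "2002-05-29 09:21:45 10.0.0.5 GET /cfximage/showtemp.cfm file=..%5C..%5Cboot.ini 200",
    "2002-05-29 09:21:50 10.0.0.7 GET /index.cfm - 200",
]


def suspicious_requests(lines):
    """Return the log lines that hit showtemp.cfm with a traversal-looking query."""
    hits = []
    for line in lines:
        fields = line.split()
        # fields: date time client method uri-stem uri-query status
        if len(fields) >= 7 and fields[4].endswith("showtemp.cfm"):
            if looks_like_traversal(fields[5]):
                hits.append(line)
    return hits


if __name__ == "__main__":
    for name in ("img123.jpg", "../../../boot.ini", "..\\..\\boot.ini"):
        print(f"{name!r:32} safe={is_safe_temp_name(name)}")
    for hit in suspicious_requests(SAMPLE_LOG):
        print("traversal attempt:", hit)
```

The path check is the control that belongs in the page itself; the log helper is what an administrator would run over existing web server logs to see whether the sample page was probed before it was removed.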
Thanks to Glenn Flansburg for providing a prompt fix.
Copyright 2002 Procheckup Ltd. All rights reserved.
Permission is granted for copying and circulating this
Bulletin to the Internet community for the purpose of
alerting them to problems, if and only if, the Bulletin is
not edited or changed in any way, is attributed to
Procheckup, and provided such reproduction and/or
distribution is performed for non-commercial purposes.
Any other use of this information is prohibited. Procheckup
is not liable for any misuse of this information by any