From: Secunia Security Advisories (sec-advsecunia.com)
Date: Thu Jul 10 2003 - 03:45:08 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
Macromedia ColdFusion MX / JRun Source Code Disclosure Vulnerability

READ ONLINE:
http://www.secunia.com/advisories/9222/

CRITICAL:
Moderately critical

IMPACT:
Exposure of sensitive information

WHERE:
From remote

SOFTWARE:
Macromedia ColdFusion MX
Macromedia Jrun 4.x

DESCRIPTION:
A vulnerability has been identified in some versions of Macromedia
ColdFusion MX and JRun, which can be exploited by malicious people to
gain knowledge of sensitive information.

It is possible to disclose the source code of ".cfm", ".cfc",
".cfml", and ".jsp" pages by appending an URL encoded space ("%20")
at the end of the file extension of the requested resource.

The vulnerability affects the following versions for Apache 1.3.x and
2.x on Windows systems:

- ColdFusion MX (Standard Edition)
- ColdFusion MX for J2EE (JRun)
- JRun 4.0 (All Editions)

SOLUTION:
Apply patch (see original advisory of requirements and installation
instructions):
http://download.macromedia.com/pub/security/mpsb03-04.zip

REPORTED BY / CREDITS:
Matthew Argyle

ORIGINAL ADVISORY:
http://www.macromedia.com/devnet/security/security_zone/mpsb03-04.html

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]