From: Ory Segal (ORY.SEGALSANCTUMINC.COM)
Date: Tue Jun 18 2002 - 11:58:36 CDT

    ///////////////////////////////////////////////////////////////////////
    ========================>> Security Advisory <<========================
    ///////////////////////////////////////////////////////////////////////

    ----------------------------------------------------------------------------
                    Macromedia ColdFusion MX Cross site scripting vulnerability
    ----------------------------------------------------------------------------

    => Author: Ory Segal, Sanctum Inc.

    => Release date: 18/06/2002 (vendor was notified at: 03/06/2002)

    => Vendor: Macromedia ( http://www.macromedia.com )

    => Product:
            - Macromedia ColdFusion MX (ColdFusion Server version: 6.0.0.46617)
            - Notes:
                     [1] The vulnerabilities were tested on the evaluation version.
                     [2] The ColdFusion server was tested on Win2K (SP2) + IIS/5.0

    => Severity: High

    => CVE candidate: Not assigned

    => Summary:
            A "Cross Site Scripting" vulnerability exists when requesting a
            non-existent ".cfm" file.

    => Description:
            Macromedia's ColdFusion MX comes with a default 404 error page.
            This 404 error page presents the path of the file requested, and
            does not filter it for hazardous characters, which might be used
            for a cross site scripting attack.
            For example, the following request will pop up a message
            containing the current session cookies:

             http://CF_MX_SERVER/<script>alert(document.cookie)</script>.cfm

    => Solution: Patch available from the vendor's web site at:
                  http://www.macromedia.com/v1/handlers/index.cfm?ID=23047

    => Workaround:
            Change the default 404 error page associated with .cfm files, to
            your own customized 404 error page.
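
The following is an added example, not part of the advisory and not ColdFusion code: a 404 handler that echoes the requested path, once unfiltered as the description states and once with the path HTML-encoded, which is what a customized 404 page has to do if it still displays the path. All function names are hypothetical, and the sample request is the advisory's own path in percent-encoded form.

```python
# Added illustration, not ColdFusion code. All function names are hypothetical.
import html
from urllib.parse import unquote

PAGE = "<html><body><h1>404 Not Found</h1><p>File not found: {}</p></body></html>"


def render_404_unfiltered(path):
    """Echo the path verbatim: markup in the path becomes markup in the page."""
    return PAGE.format(path)


def render_404_encoded(path):
    """Echo the path as text: angle brackets, ampersands and quotes become entities."""
    return PAGE.format(html.escape(path, quote=True))


def make_app(render):
    """Wrap a renderer in a minimal WSGI app that answers every request with 404."""
    def app(environ, start_response):
        body = render(environ.get("PATH_INFO", "/")).encode("utf-8")
        start_response("404 Not Found", [
            ("Content-Type", "text/html; charset=utf-8"),
            ("Content-Length", str(len(body))),
        ])
        return [body]
    return app


def fetch(app, raw_path):
    """Call a WSGI app in-process (no network); return (status, body text)."""
    seen = {}

    def start_response(status, headers):
        seen["status"] = status

    # A web server percent-decodes the path before the handler sees it.
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": unquote(raw_path)}
    body = b"".join(app(environ, start_response))
    return seen["status"], body.decode("utf-8")


# Constructed sample: the advisory's request path as it travels percent-encoded.
SAMPLE = "/%3Cscript%3Ealert(document.cookie)%3C/script%3E.cfm"

if __name__ == "__main__":
    for render in (render_404_unfiltered, render_404_encoded):
        print(render.__name__, *fetch(make_app(render), SAMPLE), sep="\n  ")
```

With the encoded renderer the browser displays the requested path as literal text instead of parsing it as a script element.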