Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

ColdFusion MX Cross Site Scripting vulnerability

From: Ory Segal <ORY.SEGAL () SANCTUMINC COM>
Date: Tue, 18 Jun 2002 10:15:39 -0700
==> Macromedia ColdFusion MX Cross site scripting vulnerability <==

=> Author: Ory Segal, Sanctum Inc.

=> Release date: 18/06/2002 (vendor was notified at: 03/06/2002)

=> Vendor: Macromedia ( http://www.macromedia.com )

=> Product: 
        - Macromedia ColdFusion MX (ColdFusion Server version: 6.0.0.46617)
        - Notes: 
                 [1] The vulnerabilities were tested on the evaluation
version.
                 [2] The ColdFusion server was tested on Win2K (SP2) +
IIS/5.0

=> Severity: High

=> CVE candidate: Not assigned

=> Summary: 
        A "Cross Site Scripting" vulnerability exists when requesting a
non-existent
        ".cfm" file.

=> Description:
        Macromedia's ColdFusion MX comes with a default 404 error page.
        This 404 error page presents the path of the file requested, and
does not filter it
        for hazardous characters, which might be used for a cross site
scripting attack. 
        For example, the following request will pop-up a message containing
the current session
        cookies:

        http://CF_MX_SERVER/<script>alert(document.cookie)</script>.cfm 

=> Solution: Patch available from the vendor's web site at: 
             http://www.macromedia.com/v1/handlers/index.cfm?ID=23047

=> Workaround: 
        Change the default 404 error page associated with .cfm files, to
your 
        own customized 404 error page.
                                
 <<ColdFusion_MX_CSS.txt>>

Attachment: ColdFusion_MX_CSS.txt
Description:

Previous By Date Next
Previous By Thread Next

Current thread: