[Snort-sigs] Documentation: SID 904
ddavidson at ...1674...
Wed Jul 16 16:11:17 EDT 2003
WEB-COLDFUSION exampleapp application.cfm
ColdFusion (Macromedia, formerly Allaire) web servers have several
default Example applications installed that have vulnerabilities. The
email application can be exploited to allow remote viewing of arbitrary
Serious: The vulnerability is not limited to files in the webspace, so
system files or additional unexecuted code files could be retrieved and
examined for vulnerabilities.
ColdFusion versions 4.0 thru 4.5 (4.5.1 is not vulnerable), on all
platforms (windows, unix, linux, ???)
The file at cfdocs/exampleapp/email/application.cfm includes a page,
cfdocs/exampleapp/email/getfile.cfm, that can accept URL-mangled
This allows trivial remote retrieval of any file on the server.
Ease of Attack:
If you're using ColdFusion 4.x's example code, you'll trigger this error.
Delete all example code. This is one of several significant
vulnerabilities that are exploitable if the example code is left on a
Documentation - Darryl Davidson <ddavidson at ...1674...>
Additional References: CAN-2001-0535
More information about the Snort-sigs