Adobe Macromedia ColdFusion MX and JRun server bypass restriction

coldfusion-jrun-restriction-bypass (17484). Risk level: Medium

Description:

Macromedia ColdFusion MX could allow a remote attacker to bypass access restrictions and obtain sensitive information, caused by a vulnerability in the JRun server. By sending a specially-crafted URL request for a file and appending a specific file extension, such as '.cfm', a remote attacker could view the source of a file that has a non-Macromedia extension, such as .php, .asp or .pl.

Note: This vulnerability only affects the Microsoft IIS connector.
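For anyone reviewing IIS logs for a ColdFusion MX or JRun host that used the IIS connector before the patch, the following Python script is an added example (not part of this X-Force record, nor Macromedia code) that flags requests matching the pattern the CVE-2004-0928 entry below describes: a request stem ending in ";.cfm" whose real file has a non-ColdFusion extension. The log lines are constructed samples in IIS W3C extended format, and the set of extensions treated as legitimately handled by the connector (cfm, cfml, cfc, jsp) is an assumption for this example.

```python
import re
from typing import Iterator, List, Optional, Tuple

# Constructed sample of IIS W3C extended log lines; not real traffic.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2004-09-23 10:01:02 192.0.2.10 GET /index.cfm - 200
2004-09-23 10:01:05 192.0.2.10 GET /admin/config.asp;.cfm - 200
2004-09-23 10:01:09 192.0.2.11 GET /scripts/db.pl;.CFM - 200
2004-09-23 10:01:12 192.0.2.12 GET /app/login.php - 200
2004-09-23 10:01:15 192.0.2.12 GET /app/page.cfm;.cfm - 200
2004-09-23 10:01:20 192.0.2.13 GET /app/secret.php;.cfm - 404
"""

# Assumed set of extensions the ColdFusion/JRun connector is expected to
# handle.  A ';.cfm' suffix on a path whose real extension is NOT in this
# set is the source-disclosure pattern the advisory describes.
CONNECTOR_EXTENSIONS = {"cfm", "cfml", "cfc", "jsp"}

# Captures the real file name and its extension, followed by the trailing
# ';.cfm' that the vulnerable connector used as its routing decision.
SUFFIX_RE = re.compile(r"^(?P<path>.*\.(?P<ext>[A-Za-z0-9]+));\.cfm$", re.IGNORECASE)


def classify_stem(stem: str) -> Optional[str]:
    """Return the real extension when the request stem matches the ';.cfm'
    pattern against a non-ColdFusion file, otherwise None."""
    m = SUFFIX_RE.match(stem)
    if m is None:
        return None
    ext = m.group("ext").lower()
    return None if ext in CONNECTOR_EXTENSIONS else ext


def parse_w3c(log_text: str) -> Iterator[dict]:
    """Minimal W3C extended log parser driven by the '#Fields:' directive."""
    fields: List[str] = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed or truncated line; skip it
        yield dict(zip(fields, values))


def find_disclosure_attempts(log_text: str) -> List[Tuple[str, str, str, str]]:
    """Return (client ip, stem, real extension, status) for each suspicious
    request.  A 200 status on an unpatched connector most likely means the
    raw source of the file was served."""
    hits = []
    for rec in parse_w3c(log_text):
        ext = classify_stem(rec["cs-uri-stem"])
        if ext is not None:
            hits.append((rec["c-ip"], rec["cs-uri-stem"], ext, rec["sc-status"]))
    return hits


if __name__ == "__main__":
    for ip, stem, ext, status in find_disclosure_attempts(SAMPLE_LOG):
        print(f"{ip} requested {stem!r} (real extension .{ext}) -> HTTP {status}")
```

Run it against a real IIS log by reading the file into `find_disclosure_attempts`; any hit with a 200 response on a host that was not yet patched per MPSB04-09 or MPSB05-13 is worth treating as a probable disclosure of that file's source, and the same `classify_stem` check can serve as a request-filtering rule in front of the connector until the patch is applied.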


Consequences:

Obtain Information

Remedy:

For Macromedia ColdFusion MX:
Apply the appropriate update for your system, as listed in Macromedia Security Bulletin MPSB04-09. See References.

For JRun:
Apply the appropriate update for your system, as listed in Macromedia Security Bulletin MPSB05-13. See References.

Note: Macromedia originally released the patch in MPSB04-08, but it was superseded by the patch released with MPSB05-13.

References:

  • iDEFENSE Security Advisory 10.05.04: ColdFusion MX 6.1 on IIS File Contents Disclosure.
  • Macromedia Security Bulletin MPSB04-08: Cumulative Security Patch available for JRun server.
  • Macromedia Security Bulletin MPSB04-09: Cumulative Security Patch available for ColdFusion MX.
  • Macromedia Security Bulletin MPSB05-13: Cumulative Security Updater for JRun 4.0 server.
  • BID-11245: Macromedia JRun Multiple Remote Vulnerabilities
  • BID-11331: Macromedia ColdFusion MX Remote File Content Disclosure Vulnerability
  • CVE-2004-0928: The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ;.cfm.
  • CVE-2004-1479: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0928. Reason: This candidate is a duplicate of CVE-2004-0928. Notes: All CVE users should reference CVE-2004-0928 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
  • SA12638: Macromedia JRun Server Multiple Vulnerabilities
  • SA12647: ColdFusion MX Sensitive Information Disclosure and Denial of Service
  • US-CERT VU#977440: Macromedia JRun Server contains an information disclosure vulnerability

Platforms Affected:

  • Macromedia ColdFusion 6.0
  • Macromedia ColdFusion 6.1
  • Macromedia JRun 4.0

Reported:

Sep 23, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net