HTTP: ColdFusion MX 6.1 Information Disclosure
This signature detects attempts to exploit a known flaw in the ColdFusion application server. A successful attack can lead to unauthorized information disclosure.
Extended Description
Multiple vulnerabilities are reported in Macromedia JRun. The first is reported to exist in an insecure implementation of a session variable, 'JSESSIONID'. It allows remote attackers to bypass authentication checks and may allow them to gain administrative access to the web application. The second issue is a source code disclosure vulnerability that allows attackers to retrieve the contents of potentially sensitive script files, which may aid them in further attacks. The third issue is a buffer overflow vulnerability that reportedly allows remote attackers to crash affected servers. Versions 3.0, 3.1, and 4.0 are reportedly affected by these vulnerabilities.
Affected Products
Macromedia JRun
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Hitachi
Macromedia
5.0