/////////////////////////////////////////////////////////////////////// ========================>> Security Advisory <<======================== /////////////////////////////////////////////////////////////////////// -------------------------------------------------------------------- Macromedia ColdFusion MX Cross site scripting vulnerability -------------------------------------------------------------------- => Author: Ory Segal, Sanctum Inc. => Release date: 18/06/2002 (vendor was notified at: 03/06/2002) => Vendor: Macromedia ( http://www.macromedia.com ) => Product: - Macromedia ColdFusion MX (ColdFusion Server version: 6.0.0.46617) - Notes: [1] The vulnerabilities were tested on the evaluation version. [2] The ColdFusion server was tested on Win2K (SP2) + IIS/5.0 => Severity: High => CVE candidate: Not assigned => Summary: A "Cross Site Scripting" vulnerability exists when requesting a non-existent ".cfm" file. => Description: Macromedia's ColdFusion MX comes with a default 404 error page. This 404 error page presents the path of the file requested, and does not filter it for hazardous characters, which might be used for a cross site scripting attack. For example, the following request will pop-up a message containing the current session cookies: http://CF_MX_SERVER/<script>alert(document.cookie)</script>.cfm => Solution: Patch available from the vendor's web site at: http://www.macromedia.com/v1/handlers/index.cfm?ID=23047 => Workaround: Change the default 404 error page associated with .cfm files, to your own customized 404 error page.
kazbiel