Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

Cold Fusion Administration Page Overflow Vulnerability Scan

Vulnerability Scan Summary
Searches for the existence of /cfide/administrator/index.cfm

Detailed Explanation for this Vulnerability Test
A denial of service vulnerability exists within the Allaire
ColdFusion web application server (version 4.5.1 and earlier) which allows an
attacker to overwhelm the web server and deny legitimate web page requests.

By downloading and altering the login HTML form a possible hacker can send overly
large passwords (>40,0000 chars) to the server, causing it to stop responding.

Solution: Use HTTP basic authentication to restrict access to this page or
remove it entirely if remote administration is not a requirement.
A patch should be available from allaire -

Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.