Family: CGI abuses --> Category: infos
ColdFusion Vulnerability Scan
Vulnerability Scan Summary: Checks for a ColdFusion vulnerability
Detailed Explanation for this Vulnerability Test
It is possible to read arbitrary files on the remote
server using the CGI :
/cfdocs/expeval/exprcalc.cfm
This CGI allows anyone to view, delete and upload
anything on the remote ColdFusion Application
server.
See also :
http://www.l0pht.com/advisories/cfusion.txt
Solution : Allaire has posted a patch for this
vulnerability. It is currently available at:
http://www.allaire.com/handlers/index.cfm?ID=8727&Method=Full
In addition to this patch, it is recommended that
the documentation and example code not be stored
on production servers.
Threat Level: High