Family: CGI abuses --> Category: attack
Cold Fusion Administration Page Overflow Vulnerability Scan
Vulnerability Scan Summary: Searches for the existence of /cfide/administrator/index.cfm
Detailed Explanation for this Vulnerability Test
A denial of service vulnerability exists within the Allaire
ColdFusion web application server (version 4.5.1 and earlier) which allows an
attacker to overwhelm the web server and deny legitimate web page requests.
By downloading and altering the login HTML form, an attacker can send overly
large passwords (>40,0000 chars) to the server, causing it to stop responding.
Solution: Use HTTP basic authentication to restrict access to this page or
remove it entirely if remote administration is not a requirement.
A patch should be available from Allaire - www.allaire.com.
Threat Level: High