CVE-2000-0538
CVSS 5.0
Published: 2000-06-07 00:00:00
Last revised: 2016-10-17 22:07:16

[Original] ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password.


[CNNVD] Allaire ColdFusion index.cfm remote denial-of-service vulnerability (CNNVD-200006-028)

        
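        Allaire ColdFusion is a popular web application extension package that runs on multiple platforms, including Windows, HP-UX and Linux.
        Allaire ColdFusion v4.5.1 and earlier contain a vulnerability in the handling of password authentication requests: if more than 40000 characters are entered in the password field of the administrator login page, CPU utilization reaches 100% and the process hangs, resulting in a denial of service.
        By default the login page form prevents you from entering more than 40000 characters; however, a malicious user can save the page locally, modify it, and submit more than 40000 characters to the ColdFusion server. The ColdFusion service must be restarted to restore normal operation.
        The administrator login page can be reached at the following link:
        http://www.target.com/cfide/administrator/index.cfm
        Modifying the field size and the POST action allows more than 40000 characters to be submitted.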
        

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:allaire:coldfusion_server:3.01
cpe:/a:allaire:coldfusion_server:3.12
cpe:/a:allaire:coldfusion_server:3.1
cpe:/a:allaire:coldfusion_server:4.0
cpe:/a:allaire:coldfusion_server:3.0
cpe:/a:allaire:coldfusion_server:2.0
cpe:/a:allaire:coldfusion_server:4.5
cpe:/a:allaire:coldfusion_server:3.11
cpe:/a:allaire:coldfusion_server:4.0.1
cpe:/a:allaire:coldfusion_server:4.5.1

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0538
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0538
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200006-028
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=96045469627806&w=2
(UNKNOWN)  BUGTRAQ  20000607 New Allaire ColdFusion DoS
http://www.allaire.com/handlers/index.cfm?ID=16122&Method=Full
(VENDOR_ADVISORY)  ALLAIRE  ASB00-14
http://www.securityfocus.com/bid/1314
(VENDOR_ADVISORY)  BID  1314
http://xforce.iss.net/static/4611.php
(VENDOR_ADVISORY)  XF  coldfusion-parse-dos

- Vulnerability information

Allaire ColdFusion index.cfm remote denial-of-service vulnerability
Medium risk  Unknown
2000-06-07 00:00:00 2005-05-02 00:00:00
Remote
        
        

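- Advisories and patches

        Temporary workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the risk:
        * Back up all data and apply the fix by following the steps in the article linked below:
        
        http://www.allaire.com/Handlers/index.cfm?ID=10954&Method=Full

        Vendor patch:
        Allaire
        -------
        Allaire has released a security bulletin (ASB00-14) and a corresponding patch for this issue:
        ASB00-14: Workaround available for Denial of Service attack against ColdFusion Administrator
        Link:
        Patch download:
        
        http://www.macromedia.com/support/coldfusion/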

- Vulnerability information (19996)

ColdFusion Server 2.0/3.x/4.x Administrator Login Password DoS Vulnerability (EDBID:19996)
multiple dos
2000-06-07 Verified
0 Stuart McClure
N/A
source: http://www.securityfocus.com/bid/1314/info

Due to a faulty mechanism in the password parsing implementation in authentication requests, it is possible to launch a denial of service attack against Allaire ColdFusion 4.5.1 or previous by inputting a string of over 40 000 characters to the password field in the Administrator login page. CPU utilization could reach up to 100%, bringing the program to a halt. The default form for the login page would prevent such an attack. However, a malicious user could download the form locally to their hard drive, modify HTML tag fields, and be able to submit the 40 000 character string to the ColdFusion Server.

Restarting the application would be required in order to regain normal functionality.


The Administrator login page can be typically accessed via:
http://target/cfide/administrator/index.cfm

Modify the field size and POST action in the HTML tags to allow for the input of a character string consisting of over 40 000 characters. 		
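
The form-side limit described above fails because it is enforced only in the browser; the server has to apply its own bound before the password is parsed. The following is an added example, not code from the advisory, Allaire or this database: a Python WSGI middleware standing in for a filter or reverse proxy in front of the login page. The class name and the two size caps are assumptions.

```python
import io
from urllib.parse import parse_qsl

ADMIN_LOGIN_PATH = "/cfide/administrator/index.cfm"  # path given in the advisory
MAX_BODY_BYTES = 4096   # assumed cap for a login POST body
MAX_FIELD_CHARS = 256   # assumed per-field cap, far below the 40 000 trigger


def _reject(start_response, status):
    body = status.encode("ascii")
    start_response(status, [("Content-Type", "text/plain"),
                            ("Content-Length", str(len(body)))])
    return [body]


class LoginLengthGuard:
    """Hypothetical WSGI middleware: bound the login POST server-side,
    before the wrapped handler ever parses the password field."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "").lower()
        if environ.get("REQUEST_METHOD") != "POST" or path != ADMIN_LOGIN_PATH:
            return self.app(environ, start_response)
        try:
            length = int(environ.get("CONTENT_LENGTH") or "")
            if length < 0:
                raise ValueError(length)
        except ValueError:
            # No usable declared size: refuse rather than read an unbounded body.
            return _reject(start_response, "411 Length Required")
        if length > MAX_BODY_BYTES:
            # Decided on the declared size alone; the body is never read.
            return _reject(start_response, "413 Payload Too Large")
        raw = environ["wsgi.input"].read(length)
        fields = parse_qsl(raw.decode("latin-1"), keep_blank_values=True)
        if any(len(part) > MAX_FIELD_CHARS for pair in fields for part in pair):
            return _reject(start_response, "400 Bad Request")
        environ["wsgi.input"] = io.BytesIO(raw)  # hand the body on unchanged
        return self.app(environ, start_response)
```

Rejected requests are also worth logging with the source address, since a login POST of this size has no legitimate cause.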

- Vulnerability information

3399
ColdFusion Administrator Login Page Remote DoS
Remote / Network Access Denial of Service
Loss of Availability Solution Unknown
Exploit Public Third-party Verified, Uncoordinated Disclosure

- Vulnerability description

ColdFusion Web Server's administrative login page allows a remote attacker to launch a denial of service. The issue is due to a lack of sanity checks on user submitted content passed to the password field. If a password of 40,000 characters is provided, the web server may crash.

- Timeline

2000-06-07 Unknown
2000-06-07 Unknown

- Solution

OSVDB is not aware of a solution for this vulnerability.

- Related references

- Vulnerability author

Unknown or Incomplete
 

 
