CVE-2004-0928
CVSS 5.0
Published: 2004-10-05 00:00:00
Last revised: 2016-10-17 22:49:58

[Original] The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".


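[CNNVD] Macromedia JRun Management Console Session Fixation and Cross-Site Scripting Vulnerability (CNNVD-200410-002)

Macromedia JRun is a Java application server developed by Macromedia that provides a fast, reliable J2EE-compatible platform.
The Macromedia JRun 4.0 management console contains cross-site scripting and session fixation flaws. A remote attacker can exploit this vulnerability to obtain sensitive information or gain unauthorized access to the application system.
No detailed vulnerability information is currently available. JRun 3.x is not affected by this vulnerability.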

- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/a:hitachi:cosminexus_enterprise:01_02_2::standard
cpe:/a:hitachi:cosminexus_enterprise:01_02_2::enterprise
cpe:/a:macromedia:jrun:3.0  Macromedia JRun 3.0
cpe:/a:macromedia:coldfusion:6.0  Macromedia ColdFusion 6.0
cpe:/a:macromedia:coldfusion:6.1  Macromedia ColdFusion MX 6.1
cpe:/a:hitachi:cosminexus_enterprise:01_01_1::enterprise
cpe:/a:macromedia:jrun:3.1  Macromedia JRun 3.1
cpe:/a:macromedia:jrun:4.0  Macromedia JRun 4.0
cpe:/a:hitachi:cosminexus_enterprise:01_01_1::standard
cpe:/a:hitachi:cosminexus_server:web_01-01_2
cpe:/a:hitachi:cosminexus_server:web_01-01_1

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0928
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0928
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200410-002
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=109621995623823&w=2
(UNKNOWN)  BUGTRAQ  20040923 New Macromedia Security Zone Bulletins Posted
http://www.idefense.com/application/poi/display?id=148&type=vulnerabilities
(VENDOR_ADVISORY)  IDEFENSE  20041005 ColdFusion MX 6.1 on IIS File Contents Disclosure
http://www.kb.cert.org/vuls/id/977440
(VENDOR_ADVISORY)  CERT-VN  VU#977440
http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html
(VENDOR_ADVISORY)  CONFIRM  http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html
http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html
(VENDOR_ADVISORY)  CONFIRM  http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html
http://www.securityfocus.com/bid/11245
(VENDOR_ADVISORY)  BID  11245
http://xforce.iss.net/xforce/xfdb/17484
(VENDOR_ADVISORY)  XF  coldfusion-jrun-restriction-bypass(17484)

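- Vulnerability Information

Macromedia JRun Management Console Session Fixation and Cross-Site Scripting Vulnerability
Medium severity  Access validation error
2004-10-05 00:00:00 2006-04-21 00:00:00
Remote

Macromedia JRun is a Java application server developed by Macromedia that provides a fast, reliable J2EE-compatible platform.
The Macromedia JRun 4.0 management console contains cross-site scripting and session fixation flaws. A remote attacker can exploit this vulnerability to obtain sensitive information or gain unauthorized access to the application system.
No detailed vulnerability information is currently available. JRun 3.x is not affected by this vulnerability.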

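- Advisories and Patches

Vendor patch:
Macromedia
----------
The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:

http://www.macromedia.com/go/jrun_updater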

- Vulnerability Information (F34590)

10.05.04a.txt (PacketStormID:F34590)
2004-10-13 00:00:00
 
advisory,remote
CVE-2004-0928

iDEFENSE Security Advisory 10.05.04a - Remote exploitation of an input validation error in ColdFusion MX 6.1 on IIS could allow the disclosure of file contents.

ColdFusion MX 6.1 on IIS File Contents Disclosure

iDEFENSE Security Advisory 10.05.04a:
www.idefense.com/application/poi/display?id=148&type=vulnerabilities
October 5, 2004

I. BACKGROUND

ColdFusion is a programming language based on standard HTML that is used
to write dynamic webpages. When a page in a ColdFusion application is
requested by a browser, it is automatically pre-processed by the
ColdFusion Application Server. More information is available at:

http://www.macromedia.com/software/coldfusion/

II. DESCRIPTION

Remote exploitation of an input validation error in ColdFusion MX 6.1
on IIS could allow the disclosure of file contents.

By supplying a filename of a file not 'associated' with the ColdFusion
plugin and appending ;.cfm or any other extension that is associated
with ColdFusion, it may be possible to view the contents of the files
that otherwise would be protected by IIS's access restrictions.

III. ANALYSIS

This vulnerability may expose sensitive files stored under the webroot,
bypassing access restrictions set in the IIS management system. In order
for the file to be read, it must be accessible to the user ColdFusion
is executing as. This vulnerability still requires knowledge of the
existence of a file of interest. It does not expose the directory
listing.

IV. DETECTION

iDEFENSE has confirmed ColdFusion MX 6.1 on IIS is vulnerable.

V. WORKAROUND

Change the mapping rules for ColdFusion handled files to refer to
specific files instead of the default *.cfm, *.jsp, etc. It is also
possible to mitigate against exploitation by not storing sensitive
information within the webroot of any server. Storing the information
outside of the webroot may require changes to applications.

VI. VENDOR RESPONSE

MPSB04-09 - Cumulative Security Patch available for ColdFusion MX:
http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
names CAN-2004-0928 to these issues. This is a candidate for inclusion
in the CVE list (http://cve.mitre.org), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

07/08/2004   Initial vendor notification
07/08/2004   iDEFENSE clients notified
07/09/2004   Initial vendor response
10/05/2004   Public disclosure

IX. CREDIT

The discoverer of this vulnerability wishes to remain anonymous.

Get paid for vulnerability research
http://www.idefense.com/poi/teams/vcp.jsp

X. LEGAL NOTICES

Copyright (c) 2004 iDEFENSE, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDEFENSE. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically, please
email customerservice@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on,
this information.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
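
The request shape the advisory describes (a file not mapped to ColdFusion followed by ";.cfm" or another mapped extension) can be looked for in IIS W3C logs. The following is an added example, not part of the advisory or of any vendor tool; the function names, the extension set beyond .cfm and .jsp, and the sample log lines are assumptions constructed for illustration.

```python
from posixpath import splitext
from urllib.parse import unquote

# Extensions mapped to the ColdFusion/JRun connector. ".cfm" and ".jsp" are named
# in the advisory; the rest are assumed and should mirror the local IIS mappings.
CF_EXTENSIONS = {".cfm", ".cfml", ".cfc", ".jsp"}

def suspicious_stem(uri_stem):
    """Return the underlying file path when the stem looks like 'file.ext;.cfm'
    and file.ext is not itself a ColdFusion-mapped type, else None."""
    path = unquote(uri_stem)                  # also catches an encoded ';' (%3B)
    last = path.rsplit("/", 1)[-1]
    real, sep, suffix = last.partition(";")
    if not sep or not real:
        return None
    if not any(suffix.lower().endswith(ext) for ext in CF_EXTENSIONS):
        return None                           # e.g. ';jsessionid=...' is benign
    if splitext(real)[1].lower() in CF_EXTENSIONS:
        return None                           # already a ColdFusion-handled file
    return path[: len(path) - len(last)] + real

def scan_w3c_log(lines):
    """Scan W3C extended log lines; column order is read from '#Fields:'."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or "cs-uri-stem" not in fields:
            continue
        row = dict(zip(fields, line.split()))
        target = suspicious_stem(row["cs-uri-stem"])
        if target:
            hits.append({"ip": row.get("c-ip"), "file": target,
                         "status": row.get("sc-status")})
    return hits

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = """#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2004-10-06 10:01:02 192.0.2.10 GET /index.cfm - 200
2004-10-06 10:01:05 192.0.2.10 GET /app/view.jsp;jsessionid=A1B2 - 200
2004-10-06 10:02:11 198.51.100.7 GET /admin/login.asp;.cfm - 200
2004-10-06 10:02:14 198.51.100.7 GET /scripts/db.pl%3B.CFM - 200
2004-10-06 10:02:20 198.51.100.7 GET /report.cfm;.cfm - 200
"""

if __name__ == "__main__":
    for hit in scan_w3c_log(SAMPLE_LOG.splitlines()):
        print(hit)
```

A hit with a 200 status on a file that IIS access restrictions should have protected is the case worth triaging first.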
    

- Vulnerability Information

10240
Macromedia Multiple Products on IIS Crafted URL Application Source Disclosure
Remote / Network Access Information Disclosure
Loss of Confidentiality
Exploit Public Vendor Verified

- Vulnerability Description

JRun contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user appends ';.cfm' to the end of a php, asp, or pl file request which bypasses access restrictions and returns the source of the requested file. This flaw may lead to a loss of confidentiality.

- Timeline

2004-09-23 Unknown
2004-09-23 2004-09-23

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Macromedia has released a set of patches to address this vulnerability.

- Related References

- Vulnerability Author

- Vulnerability Information

Macromedia ColdFusion MX Remote File Content Disclosure Vulnerability
Access Validation Error 11331
Yes No
2004-10-05 12:00:00 2009-07-12 07:06:00
The discoverer of this vulnerability wishes to remain anonymous.

- Affected Software Versions

Macromedia ColdFusion MX 6.1

- Vulnerability Discussion

Macromedia ColdFusion MX is affected by a remote file content disclosure vulnerability. This vulnerability is caused by an access validation issue that allows an attacker to bypass protections to reveal the contents of files.

It should be noted that this issue does not reveal directory contents, therefore attackers must have prior knowledge of target files.

An attacker may leverage this issue to read the contents of files contained under the webroot directory that are readable by the ColdFusion process on the affected computer, effectively bypassing access restrictions set in the IIS management system.

- Exploit

No exploit is required to leverage this issue.

- Solution

The vendor has released a patch that resolves this issue.


Macromedia ColdFusion MX 6.1

- Related References

 

 
