ID CVE-2007-0817 Type cve Reporter NVD Modified 2011-03-07T21:50:46
Description
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page.
{"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0817", "history": [], "references": ["http://www.securitytracker.com/id?1017645", "http://www.adobe.com/support/security/bulletins/apsb07-04.html", "http://www.securityfocus.com/archive/1/archive/1/459178/100/0/threaded", "http://www.vupen.com/english/advisories/2007/0593", "http://www.securityfocus.com/bid/22401"], "lastseen": "2016-09-03T08:25:33", "bulletinFamily": "NVD", "title": "CVE-2007-0817", "cpe": ["cpe:/a:adobe:coldfusion:6.1", "cpe:/a:adobe:coldfusion:7.0.1", "cpe:/a:adobe:coldfusion:7.0.2"], "viewCount": 0, "id": "CVE-2007-0817", "hash": "2afb5c8ccd1a0b2865013c8c1c30a5bdd08ce4580f99f60f6eb164c72266b89b", "description": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page.", "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "cvelist": ["CVE-2007-0817"], "scanner": [], "modified": "2011-03-07T21:50:46", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "objectVersion": "1.2", "reporter": "NVD", "type": "cve", "published": "2007-02-07T06:28:00", "enchantments": {"score": {"value": 4.3, "vector": "NONE", "modified": "2016-09-03T08:25:33"}, "vulnersScore": 4.3}}
{"exploitdb": [{"lastseen": "2016-02-03T10:36:37", "osvdbidlist": ["32120"], "references": [], "edition": 1, "description": "Adobe ColdFusion 6/7 User_Agent Error Page Cross-Site Scripting Vulnerability. CVE-2007-0817. Webapps exploit for cfm platform", "reporter": "digi7al64", "published": "2007-02-05T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "exploitdb", "title": "Adobe ColdFusion 6/7 - User_Agent Error Page Cross-Site Scripting Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-0817"], "modified": "2007-02-05T00:00:00", "id": "EDB-ID:29567", "href": "https://www.exploit-db.com/exploits/29567/", "sourceData": "source: http://www.securityfocus.com/bid/22401/info\r\n\r\nAdobe ColdFusion is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.\r\n\r\nAn attacker could exploit this vulnerability to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \r\n\r\nhttp://www.example.com/&USER_AGENT=%3Cscript%3Ealert(String.fromCharCode(120,115,115))%3C/s> cript%3E&HTTP_REFERER=http://www.google.com/ ", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/29567/"}], "nessus": [{"lastseen": "2018-09-01T23:49:16", "references": ["http://www.adobe.com/support/security/bulletins/apsb07-04.html", "http://www.securityfocus.com/archive/1/459178/30/0/threaded"], "pluginID": "24278", "description": "The version of Adobe ColdFusion running on the remote host fails to properly sanitize user-supplied input to the User-Agent header before using it to generate dynamic content in an error page. A remote, unauthenticated attacker can exploit this issue to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site.", "edition": 5, "reporter": "Tenable", "published": "2007-02-06T00:00:00", "title": "ColdFusion Web Server User-Agent HTTP Header Error Message XSS", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "CGI abuses : XSS", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0817"], "modified": "2018-07-06T00:00:00", "cpe": ["cpe:/a:adobe:coldfusion"], "id": "COLDFUSION_XSS_ERROR_PROCESSING_REQUEST.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=24278", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24278);\n script_version(\"1.24\");\n script_cvs_date(\"Date: 2018/07/06 11:26:05\");\n\n script_cve_id(\"CVE-2007-0817\");\n script_bugtraq_id(22401);\n script_xref(name:\"EDB-ID\", value:\"29567\");\n\n script_name(english:\"ColdFusion Web Server User-Agent HTTP Header Error Message XSS\");\n script_summary(english:\"Checks for an XSS flaw in ColdFusion.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application running on the remote web server is affected by a\ncross-site scripting vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe ColdFusion running on the remote host fails to\nproperly sanitize user-supplied input to the User-Agent header before\nusing it to generate dynamic content in an error page. A remote,\nunauthenticated attacker can exploit this issue to inject arbitrary\nHTML or script code into a user's browser to be executed within the\nsecurity context of the affected site.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/459178/30/0/threaded\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb07-04.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch as described in the vendor advisory above.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:adobe:coldfusion\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"coldfusion_detect.nasl\");\n script_require_keys(\"installed_sw/ColdFusion\");\n script_require_ports(\"Services/www\", 80, 8500);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"url_func.inc\");\ninclude(\"install_func.inc\");\n\napp = 'ColdFusion';\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80);\n\ninstall = get_single_install(\n app_name : app,\n port : port\n);\n\ndir = install['path'];\ninstall_url = build_url(port:port, qs:dir);\n\n# Send a request to exploit the flaw.\nxss = \"<script>alert(\"+SCRIPT_NAME -\".nasl\"+\"-\"+unixtime()+\")</script>\";\nurl = \"/CFIDE/administrator/nessus-\" + unixtime()+\".cfm\";\nr = http_send_recv3(method:\"GET\", item:dir+url, port:port, exit_on_fail: TRUE,\n add_headers: make_array(\"User-Agent\", xss));\nres = r[2];\n\n# There's a problem if our exploit appears as the user agent.\nbrowser = strstr(res, \">Browser </\");\nif (browser)\n{\n browser = browser - strstr(browser, \"</tr>\");\n browser = strstr(browser, \"<td>\");\n browser = browser - strstr(browser, \"</td>\");\n # nb: browser includes some extra markup.\n if (\">\"+ xss >< browser)\n {\n security_report_v4(\n port : port,\n severity : SECURITY_WARNING,\n generic : TRUE,\n xss : TRUE, # XSS KB key\n request : make_list(http_last_sent_request()),\n output : chomp(browser)\n );\n exit(0);\n }\n}\nelse\n audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url);\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:23", "references": ["https://vulners.com/securityvulns/securityvulns:doc:15978"], "description": "User-Agent field from HTTP request is used unfiltered in error message text. It's possible to manipulate client's User-Agent field through Flash.", "edition": 1, "reporter": "BUGTRAQ", "published": "2007-02-05T00:00:00", "title": "ColdFusion crossite scripting", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:23", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "ColdFusion Server", "version": "5.0", "operator": "eq"}], "cvelist": ["CVE-2007-0817"], "modified": "2007-02-05T00:00:00", "id": "SECURITYVULNS:VULN:7185", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7185", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:28", "references": [], "description": "## Manual Testing Notes\nGET /CFIDE/administrator/btins.cfm HTTP/1.1\nAccept: */*\nAccept-Language: en-us\nUA-CPU: x86\nAccept-Encoding: gzip, deflate\nUser-Agent: </td><script>alert('BTINS-XSS')</script>\nHost: 161.38.228.10\nProxy-Connection: Keep-Alive\nPragma: no-cache\nCookie: CFID=4023; CFTOKEN=82420413; JSESSIONID=683089a6c0e0$D91$E9$\n## References:\n[Vendor Specific Advisory URL](http://www.adobe.com/support/security/bulletins/apsb07-04.html)\nSecurity Tracker: 1017645\n[Secunia Advisory ID:24115](https://secuniaresearch.flexerasoftware.com/advisories/24115/)\n[Related OSVDB ID: 32121](https://vulners.com/osvdb/OSVDB:32121)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-02/0044.html\nFrSIRT Advisory: ADV-2007-0593\n[CVE-2007-0817](https://vulners.com/cve/CVE-2007-0817)\nBugtraq ID: 22401\n", "edition": 1, "reporter": "OSVDB", "published": "2007-02-04T04:19:09", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "ColdFusion Web Server User-Agent HTTP Header Error Message XSS", "type": "osvdb", "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-0817"], "modified": "2007-02-04T04:19:09", "href": "https://vulners.com/osvdb/OSVDB:32120", "id": "OSVDB:32120", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "jvn": [{"lastseen": "2018-08-31T00:36:32", "references": [], "description": "\n ## Description\n\n ## Impact\n\nAn arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. \n\n ## Solution\n\n ## Products Affected\n\n * ColdFusion MX 6.X\n * ColdFusion MX 7.X\nFor more information, refer to the vendor's website. \n", "edition": 3, "reporter": "Japan Vulnerability Notes", "published": "2007-02-14T00:00:00", "title": "JVN#48566866 ColdFusion error page cross-site scripting vulnerability", "type": "jvn", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "info", "cvelist": ["CVE-2007-0817"], "modified": "2008-05-21T00:00:00", "id": "JVN:48566866", "href": "http://jvn.jp/en/jp/JVN48566866/index.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}
