Macromedia ColdFusion MX CFIDE/probe.cfm Direct Request Path Disclosure

#%NASL_MIN_LEVEL 70300
#
# This script was written by BEKRAR Chaouki <[email protected]>
#
# Macromedia ColdFusion MX Path Disclosure Vulnerability
#
# https://web.archive.org/web/20030713132233/http://www.k-otik.com/bugtraq/04.26.coldfusion.php
#


include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
 script_id(11558);
 script_cve_id("CVE-2003-1469");
 script_bugtraq_id(7443);
 script_version("1.21");

 script_name(english:"Macromedia ColdFusion MX CFIDE/probe.cfm Direct Request Path Disclosure");
 script_set_attribute(attribute:"synopsis", value:
"The remote host is running an application that is affected by an 
information disclosure vulnerability." );
 script_set_attribute(attribute:"description", value:
"A vulnerability has been reported for Macromedia ColdFusion MX that 
may reveal the physical path information to attackers.

When certain malformed URL requests (port 8500) are received by the
server, an error message is returned containing the full path of the 
ColdFusion installation." );
 script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/319867/30/0/threaded" );
 script_set_attribute(attribute:"solution", value:
"Change the 'Debugging Settings' on the Administrator console of the
ColdFusion server. This can be achieved by disabling the 'Enable 
Robust Exception Information' option." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:W/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_cwe_id(200);

 script_set_attribute(attribute:"plugin_publication_date", value: "2003/04/30");
 script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe",value:"cpe:/a:macromedia:coldfusion");
script_end_attributes();

 script_summary(english:"Macromedia ColdFusion MX Path Disclosure Vulnerability");
 script_category(ACT_GATHER_INFO);
 script_family(english:"CGI abuses");
 script_copyright(english:"This script is Copyright (C) 2003-2021 A.D.Consulting France");
 script_dependencie("http_version.nasl");
 script_require_ports("Services/www", 8500);
 script_exclude_keys("Settings/disable_cgi_scanning");
 exit(0);
}

include("global_settings.inc");
include("http_func.inc");
include("http_keepalive.inc");
include("misc_func.inc");

port = get_http_port(default:8500, embedded:TRUE);
if (! port ) exit(0);
dir = make_list(cgi_dirs());
foreach d (dir)
  {
   url = string(d, "/CFIDE/probe.cfm");
   req = http_get(item:url, port:port);
   buf = http_keepalive_send_recv(port:port, data:req);
   if( buf == NULL ) break;
 
  if( "Error occured in" >< buf)
   {
    if(egrep(pattern:"[A-Za-z]:\\.*probe\.cfm", string:buf))
	{
    	security_warning(port:port);
    	exit(0);
	}
   }
  }