Lucene search

Macromedia ColdFusion MX Path Disclosure Vulnerability

Macromedia ColdFusion MX Path Disclosure Vulnerability. Vulnerability in ColdFusion MX may reveal physical path information to attackers

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 5
Cvelist	CVE-2003-1469	24 Oct 200723:00	–	cvelist
OpenVAS	Macromedia ColdFusion MX Path Disclosure Vulnerability	3 Nov 200500:00	–	openvas
Tenable Nessus	Macromedia ColdFusion MX CFIDE/probe.cfm Direct Request Path Disclosure	30 Apr 200300:00	–	nessus
NVD	CVE-2003-1469	31 Dec 200305:00	–	nvd
CVE	CVE-2003-1469	24 Oct 200723:00	–	cve

Source	Link
securityfocus	www.securityfocus.com/bid/7443

# SPDX-FileCopyrightText: 2003 A.D.Consulting France
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

# Macromedia ColdFusion MX Path Disclosure Vulnerability
#
# http://www.k-otik.com/bugtraq/04.26.coldfusion.php

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.11558");
  script_version("2023-08-01T13:29:10+0000");
  script_tag(name:"last_modification", value:"2023-08-01 13:29:10 +0000 (Tue, 01 Aug 2023)");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_cve_id("CVE-2003-1469");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/7443");
  script_name("Macromedia ColdFusion MX Path Disclosure Vulnerability");
  script_category(ACT_GATHER_INFO);
  script_tag(name:"qod_type", value:"remote_vul");
  script_family("Web application abuses");
  script_copyright("Copyright (C) 2003 A.D.Consulting France");
  script_dependencies("find_service.nasl", "no404.nasl", "webmirror.nasl", "DDI_Directory_Scanner.nasl", "global_settings.nasl");
  script_require_ports("Services/www", 8500);
  script_exclude_keys("Settings/disable_cgi_scanning");

  script_tag(name:"solution", value:"Change the 'Debugging Settings' on the Administrator console
  of the ColdFusion server. This can be achieved by disabling the 'Enable Robust Exception Information' option.");

  script_tag(name:"summary", value:"A vulnerability has been reported for Macromedia ColdFusion MX that
  may reveal the physical path information to attackers.");

  script_tag(name:"insight", value:"When certain malformed URL requests (port 8500) are received by the server, an
  error message is returned containing the full path of the ColdFusion installation.");

  script_tag(name:"solution_type", value:"Workaround");

  exit(0);
}

include("http_func.inc");
include("http_keepalive.inc");
include("port_service_func.inc");
include("list_array_func.inc");
include("misc_func.inc");

port = http_get_port(default:8500);

foreach dir( make_list_unique( "/", http_cgi_dirs( port:port ) ) ) {

  if( dir == "/" ) dir = "";
  url = string(dir, "/CFIDE/probe.cfm");
  req = http_get(item:url, port:port);
  buf = http_keepalive_send_recv(port:port, data:req);
  if( ! buf ) continue;

  # nb: It isn't clear if the typo in occurred is expected in the application or if
  # there was this typo from the beginning in the code so try both variants...
  if( buf =~ "Error occur?red in" && egrep(pattern:"[A-Z]:\\.*probe\.cfm", string:buf)) {
    report = http_report_vuln_url( port:port, url:url );
    security_message( port:port, data:report );
    exit( 0 );
  }
}

exit( 99 );

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

03 Nov 2005 00:00Current

6.2Medium risk

Vulners AI Score6.2

CVSS25

EPSS0.01498