ColdFusion fileexists.cfm Verify File Existence

1999-02-04T00:00:00
ID OSVDB:3238
Type osvdb
Reporter OSVDB
Modified 1999-02-04T00:00:00

Description

Vulnerability Description

ColdFusion contains a flaw that allows a remote attacker to confirm the existence of any file on the server. The flaw is due to poor sanity checking on arguments passed to the fileexists.cfm script.

Solution Description

Users of ColdFusion 4.0 should upgrade or patch to version 4.0.1 or higher, as it has been reported to fix this vulnerability. Users of ColdFusion 2.x or 3.x should remove all sample applications, as the 4.0.1 patch does not apply to their installations.

References:

Snort Signature ID: 910

Other Advisory URL: http://www.macromedia.com/devnet/security/security_zone/asb99-02.html

ISS X-Force ID: 1743

CVE-1999-0923