ID OSVDB:35997 Type osvdb Reporter OSVDB Modified 2003-09-22T10:01:16
Description
Vulnerability Description
ColdFusion contains a flaw that allows a remote cross-site scripting attack. The flaw exists because ColdFusion does not validate or encode the HTTP Referer header before echoing it back in its debugging and robust exception output. An attacker who can cause a victim's browser to send a request with a crafted Referer value could execute arbitrary script in that user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Technical Description
This vulnerability is only present when the "Robust Exception Information" and/or "Debugging" options are enabled in the ColdFusion Administrator; these are the outputs in which the unvalidated Referer header is reflected.
Solution Description
Adobe / Macromedia has released a patch to address this issue. Additionally, it is possible to mitigate the flaw with the following workaround: turn off the "Robust Exception Information" and "Debugging" options, which removes the debug output in which the Referer header is echoed.
Short Description
ColdFusion contains a flaw that allows a remote cross-site scripting attack. The flaw exists because ColdFusion does not validate or encode the HTTP Referer header before echoing it back in its debugging and robust exception output. This could allow an attacker to execute arbitrary script in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Title
ColdFusion Referer HTTP Header Field XSS

Manual Testing Notes
GET /some/arbitrary.cfm HTTP/1.0
Accept: */*
Accept-Language: en-us
Cookie: CFGLOBALS=HITCOUNT%3D12%23LASTVISIT%3D%7Bts+%272007%2D07%2D13+04%3A58%3A58%27%7D%23TIMECREATED%3D%7Bts+%272007%2D07%2D13+04%3A36%3A45%27%7D%23; CFID=819893; CFTOKEN=24953302
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
Host: 127.0.0.1
Referer: <script>alert('BTINS-Referer-XSS')</script>
Proxy-Connection: Keep-Alive

References
Vendor Specific Advisory URL: http://www.adobe.com/devnet/security/security_zone/mpsb03-06.html
Vendor Specific Advisory URL: http://www.macromedia.com/devnet/security/security_zone/mpsb03-06.html
Secunia Advisory ID 9807: https://secuniaresearch.flexerasoftware.com/advisories/9807/
Related OSVDB ID 2578: https://vulners.com/osvdb/OSVDB:2578
Related OSVDB ID 15814: https://vulners.com/osvdb/OSVDB:15814

Affected Software
ColdFusion 5.0
ColdFusion MX 6.0
ColdFusion MX 6.1
ColdFusion MX J2EE 6.0
ColdFusion MX J2EE 6.1

Record Details
Source: https://vulners.com/osvdb/OSVDB:35997
Published: 2003-09-22T10:01:16
Last seen: 2017-04-28T13:20:32
CVSS: none assigned
CVE: none assigned
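As an added example (not code from the OSVDB entry, Adobe or Macromedia), the following Python script reproduces the probe from the Manual Testing Notes above, with the same script payload placed in the Referer header, and classifies how a response reflects it. This gives a repeatable check that the vendor patch or the workaround of disabling "Robust Exception Information" and "Debugging" has actually removed the reflection point. The host names, the three sample response bodies and the `CGI.HTTP_REFERER` table layout they contain are constructed for illustration; `probe()` is a hypothetical helper for running the check against a live server.

```python
"""Check whether a ColdFusion debug / robust-exception page reflects the
HTTP Referer header without encoding, the condition described in
OSVDB:35997.  Added example code; not from OSVDB, Adobe or Macromedia.
Host names, sample responses and the debug-table layout are constructed."""
import html
import http.client

# Marker string reused from the manual testing notes; any unique token works.
MARKER = "BTINS-Referer-XSS"
PAYLOAD = f"<script>alert('{MARKER}')</script>"


def build_probe_request(host: str, path: str = "/some/arbitrary.cfm") -> str:
    """Build a raw HTTP/1.0 request in the shape of the manual testing notes,
    with the script payload carried in the Referer header."""
    lines = [
        f"GET {path} HTTP/1.0",
        "Accept: */*",
        f"Host: {host}",
        f"Referer: {PAYLOAD}",
        "Connection: close",
    ]
    return "\r\n".join(lines) + "\r\n\r\n"


def classify_reflection(body: str) -> str:
    """Classify how a response body reflects the Referer payload.

    'raw'     - payload appears verbatim: the debug output echoes the header
                unencoded, which is the vulnerable condition.
    'encoded' - the marker survives but the angle brackets did not, so the
                reflection was HTML-encoded or otherwise neutralised.
    'absent'  - the header is not reflected at all, e.g. because debugging
                and robust exception information are switched off.
    """
    if PAYLOAD in body:
        return "raw"
    if MARKER in body:
        return "encoded"
    return "absent"


def probe(host: str, port: int = 80, path: str = "/some/arbitrary.cfm") -> str:
    """Hypothetical helper: send the probe to a live server and classify the
    reply.  Only run against systems you are authorised to test."""
    conn = http.client.HTTPConnection(host, port, timeout=10)
    try:
        conn.request("GET", path, headers={"Referer": PAYLOAD, "Accept": "*/*"})
        body = conn.getresponse().read().decode("utf-8", errors="replace")
    finally:
        conn.close()
    return classify_reflection(body)


# Constructed sample responses standing in for a real server's output.
# Vulnerable: debug output lists CGI variables and echoes the header verbatim.
VULNERABLE_DEBUG_PAGE = (
    "<html><body><h1>Debugging Information</h1><table>"
    f"<tr><td>CGI.HTTP_REFERER</td><td>{PAYLOAD}</td></tr>"
    "</table></body></html>"
)
# Patched: the same table, but the header value is HTML-encoded.
PATCHED_DEBUG_PAGE = (
    "<html><body><h1>Debugging Information</h1><table>"
    f"<tr><td>CGI.HTTP_REFERER</td><td>{html.escape(PAYLOAD, quote=False)}</td></tr>"
    "</table></body></html>"
)
# Workaround applied: no debug output, so nothing is reflected.
DEBUG_OFF_PAGE = "<html><body>Hello from arbitrary.cfm</body></html>"


if __name__ == "__main__":
    print(build_probe_request("127.0.0.1"))
    samples = [
        ("vulnerable", VULNERABLE_DEBUG_PAGE),
        ("patched", PATCHED_DEBUG_PAGE),
        ("debug off", DEBUG_OFF_PAGE),
    ]
    for name, page in samples:
        print(f"{name:10s}: {classify_reflection(page)}")
```

The probe writes the payload straight into the Referer header, exactly as the manual testing note does, so it tests the server-side reflection on its own; whether a particular browser would transmit such a Referer value unencoded when following a link from an attacker-controlled URL is a separate question and is not what this check answers. A result of "raw" on a host with debugging or robust exception information enabled is the condition the advisory describes; "encoded" or "absent" after patching or applying the workaround is the expected outcome.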