Cold Fusion Administration Page Overflow DoS

Nessus Plugin ID 10581 (severity: medium)

Synopsis

The remote web application server is affected by a denial of service vulnerability.

Description

A denial of service vulnerability exists within the Allaire ColdFusion web application server (version 4.5.1 and earlier) which allows an attacker to overwhelm the web server and deny legitimate web page requests.

By downloading the login HTML form and altering it, an attacker can submit an overly large password (more than 40,000 characters) to the server, causing it to stop responding.

Solution

Use HTTP basic authentication to restrict access to this page or remove it entirely if remote administration is not a requirement.
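The following gatekeeper is an added example, not code from the Nessus plugin or from Allaire/ColdFusion. It shows both remedies the solution names (disable the remote administration path entirely, or front it with HTTP Basic authentication) and adds the check the description motivates: a hard cap on the request body and on the password field, enforced before any credential is handed to the application's own login logic. The admin path, the form field name `password`, the size limits and the sample credential are all assumptions chosen for the example; the real path is not given on this page.

```python
import base64
import hmac
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qs

# Settings for this example (assumptions, not values taken from the advisory).
ADMIN_PREFIX = "/ADMIN-PATH-PLACEHOLDER/"   # placeholder: the real admin path is not on the page
MAX_BODY_BYTES = 4096                        # whole login POST; the advisory's payload is >40,000 chars
MAX_PASSWORD_LEN = 256                       # per-field cap, applied before any credential check
BASIC_USERS = {"admin": b"constructed-sample-secret"}   # constructed sample credential


def basic_auth_header(user: str, password: str) -> str:
    """Build the Authorization header value a client would send (helper for callers/tests)."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token


def valid_basic_auth(authorization: Optional[str]) -> bool:
    """Check an HTTP Basic Authorization header against BASIC_USERS."""
    if not authorization or not authorization.startswith("Basic "):
        return False
    try:
        raw = base64.b64decode(authorization[len("Basic "):], validate=True)
    except ValueError:
        return False
    user, sep, password = raw.partition(b":")
    if not sep:
        return False
    expected = BASIC_USERS.get(user.decode("utf-8", "replace"))
    # Constant-time comparison so the gate itself does not leak secret bytes via timing.
    return expected is not None and hmac.compare_digest(password, expected)


def gate_admin_request(path: str, headers: Dict[str, str], body: bytes,
                       remote_admin_enabled: bool = True) -> Tuple[int, str]:
    """Decide whether a request may reach the admin login handler.

    Returns (HTTP status, reason). The cheapest rejections come first, so an
    oversized body is never parsed, let alone passed to the application's
    password handling, which is where the advisory's hang occurs.
    """
    if not path.startswith(ADMIN_PREFIX):
        return 200, "not an admin path; ordinary handling"
    if not remote_admin_enabled:
        # "Remove it entirely": the page simply does not exist remotely.
        return 404, "remote administration disabled"
    if not valid_basic_auth(headers.get("Authorization")):
        # "Use HTTP basic authentication to restrict access to this page."
        return 401, "HTTP Basic authentication required"
    try:
        declared = int(headers.get("Content-Length", str(len(body))))
    except ValueError:
        return 400, "malformed Content-Length"
    if declared > MAX_BODY_BYTES or len(body) > MAX_BODY_BYTES:
        return 413, "request body exceeds limit"
    form = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    password = form.get("password", [""])[0]   # field name is an assumption
    if len(password) > MAX_PASSWORD_LEN:
        return 400, "password field exceeds length limit"
    return 200, "forwarded to admin login handler"
```

The order of checks is the point: authentication gates the page before any body is examined, and the body and field limits reject an oversized login long before the application's own form processing sees it, so the path an altered form would take is closed off twice.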

See Also

https://seclists.org/bugtraq/2000/Jun/109

Plugin Details

Severity: Medium

ID: 10581

File Name: cold_fusion_admin_dos.nasl

Version: 1.30

Type: remote

Family: CGI abuses

Published: 12/19/2000

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Vulnerability Publication Date: 6/7/2000

Reference Information

CVE: CVE-2000-0538

BID: 1314