ColdFusion / JRun on IIS Double Encoded NULL Byte Request File Content Disclosure

Severity: Medium | Nessus Plugin ID 24283

Synopsis

An application running on the remote web server is affected by an information disclosure vulnerability.

Description

The version of ColdFusion running on the remote host allows an attacker to view the contents of files not interpreted by ColdFusion itself and hosted on the affected system. The problem is due to the fact that with ColdFusion, URL-encoded filenames are decoded first by IIS and then again by ColdFusion. By passing in a filename followed by a double-encoded null byte and an extension handled by ColdFusion, such as '.cfm', a remote attacker may be able to uncover sensitive information, such as credentials and hostnames contained in scripts, configuration files, etc.
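The defect described above is a canonicalization mismatch: the front end (IIS) percent-decodes the path once and chooses a handler from the extension it then sees, while the application (ColdFusion) decodes the already-decoded string a second time, so a double-encoded null byte (`%2500`) becomes `%00` after the first pass and a real NUL after the second, truncating the file name before the `.cfm` suffix. The following is an added, defender-side illustration (example code written for this page, not part of the Nessus plugin or of Adobe's fix): a request-path check that decodes exactly once and rejects any path that still carries percent-encoding or contains a NUL, plus a scan of constructed access-log lines that flags requests exhibiting the pattern. All sample paths and log lines are constructed; the function names are my own.

```python
"""Single-decode path validation and log detection for double-encoded NUL bytes.

Constructed example, not vendor or plugin code.  Models the mismatch described
in the advisory: one decoder in front of another means a `%2500` in the raw
request survives the first decode as `%00` and would become a NUL in the second.
"""
import re
from urllib.parse import unquote

# Any percent-escape left after ONE decode is something a second decoder
# downstream would interpret differently from the front end.
RESIDUAL_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")

# Request line of a Common Log Format entry: method, path, protocol.
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/')


def decode_once(raw_path: str) -> str:
    """Percent-decode the raw request path exactly one time, as a front end does."""
    return unquote(raw_path)


def is_safe_path(raw_path: str) -> tuple:
    """Validate a raw request path under a strict single-decode policy.

    Returns (ok, reason).  Rejects paths that decode to a NUL byte and paths
    that still contain a percent-escape after the single decode, because the
    latter is exactly what a second decoder would turn into something else.
    """
    decoded = decode_once(raw_path)
    if "\x00" in decoded:
        return False, "decoded path contains a NUL byte"
    if RESIDUAL_ESCAPE.search(decoded):
        return False, "residual percent-encoding after one decode (double-encoded input)"
    return True, ""


def handler_extension(raw_path: str) -> str:
    """Extension the front end would route on, taken from the single-decoded path
    (after stripping any query string)."""
    path = decode_once(raw_path).split("?", 1)[0]
    dot = path.rfind(".")
    return path[dot:].lower() if dot != -1 else ""


def scan_access_log(lines) -> list:
    """Return (line_index, raw_path, reason) for each log entry whose request
    path fails the single-decode policy.  Lines without a parseable request
    line are skipped."""
    findings = []
    for idx, line in enumerate(lines):
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        raw_path = match.group(1)
        ok, reason = is_safe_path(raw_path)
        if not ok:
            findings.append((idx, raw_path, reason))
    return findings


# Constructed sample access-log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jan/2007:10:00:01 +0000] "GET /index.cfm HTTP/1.1" 200 1532',
    '192.0.2.10 - - [09/Jan/2007:10:00:05 +0000] "GET /docs/readme.txt HTTP/1.1" 200 812',
    '198.51.100.7 - - [09/Jan/2007:10:02:17 +0000] "GET /conf/settings.ini%2500.cfm HTTP/1.1" 200 2048',
    '198.51.100.7 - - [09/Jan/2007:10:02:19 +0000] "GET /conf/settings.ini%00.cfm HTTP/1.1" 404 0',
    'garbage line with no request',
]

if __name__ == "__main__":
    for idx, raw, why in scan_access_log(SAMPLE_LOG):
        print(f"line {idx}: {raw} -> {why} (front-end extension: {handler_extension(raw)})")
```

The third sample line is the shape the advisory describes: after one decode the path still ends in `.cfm`, so a front end would hand it to the ColdFusion handler, yet `%00` remains embedded and a second decode would cut the name at `settings.ini`. Rejecting any residual escape is deliberately conservative (a literal file named `a%20b.cfm` would also be refused); the point is that a path must have one meaning for every component that inspects it.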

Solution

Upgrade to ColdFusion MX 7.0.1 if necessary and apply the appropriate patch as described in the vendor advisory referenced below (see APSB07-02).

See Also

http://www.nessus.org/u?411e3cea

https://seclists.org/fulldisclosure/2007/Jan/198

https://www.adobe.com/support/security/bulletins/apsb07-02.html

Plugin Details

Severity: Medium

ID: 24283

File Name: coldfusion_double_encoded_null_info_disclosure.nasl

Version: 1.24

Type: remote

Family: CGI abuses

Published: 2/8/2007

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: cpe:/a:adobe:coldfusion

Required KB Items: installed_sw/ColdFusion

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 1/9/2007

Vulnerability Publication Date: 1/9/2007

Reference Information

CVE: CVE-2006-5858

BID: 21978

CWE: 20