Adobe ColdFusion On Apache Double Encoded NULL Byte Request File Content Disclosure

medium Nessus Plugin ID 40667

Synopsis

An application running on the remote web server is affected by an information disclosure vulnerability.

Description

The remote host is running a version of ColdFusion on Apache that is affected by an information disclosure vulnerability. When requesting a non-ColdFusion file, appending a double-encoded null byte and an extension handled by ColdFusion (such as '.cfm') will display the contents of that file. A remote attacker can exploit this to view the source code of other files on the web server (e.g. PHP scripts), which may contain credentials or other sensitive information.

This vulnerability is similar to CVE-2006-5858, which affected systems running ColdFusion on IIS. This vulnerability reportedly only affects systems running ColdFusion on Apache.
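For triage after a positive finding, the request pattern described above can be searched for in Apache access logs. The following is an added example, not part of the Nessus plugin or Adobe's advisory: it flags request paths in which a NUL byte appears only after two or more rounds of URL decoding and which end in a ColdFusion-handled extension. It generalizes slightly beyond the page by also catching deeper encoding levels; the extension list beyond '.cfm', the log format, and the sample lines are assumptions.

```python
import re
from urllib.parse import unquote

# Extensions assumed to be mapped to ColdFusion; the page names only '.cfm'.
CF_EXTENSIONS = (".cfm", ".cfml", ".cfc")
# Request line inside an Apache common/combined log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def null_byte_depth(path, max_rounds=3):
    """Return how many URL-decoding rounds expose a NUL byte (0 if none)."""
    current = path
    for depth in range(1, max_rounds + 1):
        decoded = unquote(current, encoding="latin-1")
        if "\x00" in decoded:
            return depth
        if decoded == current:  # nothing left to decode
            break
        current = decoded
    return 0


def is_suspicious(target):
    """Flag a multiply-encoded NUL followed by a ColdFusion extension."""
    path = target.split("?", 1)[0]
    if not path.lower().endswith(CF_EXTENSIONS):
        return False
    return null_byte_depth(path) >= 2


def scan(lines):
    """Return (line_number, target) for each log line that matches."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and is_suspicious(match.group("target")):
            hits.append((number, match.group("target")))
    return hits


# Constructed sample log lines (documentation address range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Aug/2009:10:00:01 +0000] "GET /index.cfm HTTP/1.1" 200 5120',
    '192.0.2.44 - - [21/Aug/2009:10:00:07 +0000] "GET /config.php%2500.cfm HTTP/1.1" 200 734',
    '192.0.2.10 - - [21/Aug/2009:10:00:09 +0000] "GET /report%20final.cfm HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A hit with a 200 status and a response size close to the size of the underlying non-ColdFusion file is worth prioritizing, since any credentials in that file should then be treated as exposed.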

Solution

Apply the relevant hotfix referenced in the vendor's advisory.

See Also

https://www.adobe.com/support/security/bulletins/apsb09-12.html

Plugin Details

Severity: Medium

ID: 40667

File Name: coldfusion_apache_double_null_info_disclosure.nasl

Version: 1.16

Type: remote

Family: CGI abuses

Published: 8/21/2009

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: cpe:/a:adobe:coldfusion

Required KB Items: installed_sw/Apache, installed_sw/ColdFusion

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Patch Publication Date: 8/17/2009

Vulnerability Publication Date: 8/17/2009

Reference Information

CVE: CVE-2009-1876

BID: 36096

Secunia: 36329