ColdFusion / JRun on IIS Double Encoded NULL Byte Request File Content Disclosure

medium Nessus Plugin ID 24283


An application running on the remote web server is affected by an information disclosure vulnerability.


The version of ColdFusion running on the remote host allows an attacker to view the contents of files that are hosted on the affected system but not interpreted by ColdFusion itself. The problem arises because, with ColdFusion, URL-encoded filenames are decoded first by IIS and then again by ColdFusion. By passing in a filename followed by a double-encoded null byte and an extension handled by ColdFusion, such as '.cfm', a remote attacker may be able to uncover sensitive information, such as credentials and hostnames contained in scripts, configuration files, etc.
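A log-review check for the request pattern described above, as an added example that is not part of the plugin or the vendor advisory. It assumes the access log records the raw, undecoded request target; the log lines, addresses and file names are constructed, and `inspect_path` and `scan_log` are hypothetical helper names.

```python
import re
from urllib.parse import unquote

CF_EXTENSIONS = (".cfm",)  # the advisory names '.cfm'; add other handled extensions
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample lines; assumes the log stores the raw request target.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jan/2007:10:00:01 +0000] "GET /index.cfm HTTP/1.1" 200 5120',
    '192.0.2.44 - - [09/Jan/2007:10:02:17 +0000] "GET /docs/notes.txt%2500.cfm HTTP/1.1" 200 812',
    '192.0.2.10 - - [09/Jan/2007:10:03:40 +0000] "GET /q1%2520report.cfm HTTP/1.1" 404 310',
]

def inspect_path(raw_path, cf_extensions=CF_EXTENSIONS):
    """Return the file a second decoder would truncate to, or None if not suspicious."""
    path = raw_path.split("?", 1)[0]
    once = unquote(path)    # view after the first decode (the web server)
    twice = unquote(once)   # view after the second decode (the application)
    if "\x00" in once or "\x00" not in twice:
        return None         # only a NUL that surfaces on the second decode counts here
    head, _, tail = twice.partition("\x00")
    if not tail.lower().endswith(cf_extensions):
        return None         # suffix would not be routed to ColdFusion
    return head

def scan_log(lines):
    """Return (client, raw_path, truncated_file) for each suspicious request."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue        # not a request line in the assumed format
        client, raw_path = m.groups()
        truncated = inspect_path(raw_path)
        if truncated is not None:
            findings.append((client, raw_path, truncated))
    return findings

if __name__ == "__main__":
    for client, raw_path, truncated in scan_log(SAMPLE_LOG):
        print(f"{client} requested {raw_path!r}: second decode truncates to {truncated!r}")
```

The double-encoded space in the third sample line is not flagged, since double encoding alone is not the indicator; the match requires a null byte that appears only after the second decode, followed by a ColdFusion-handled extension.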


Upgrade to ColdFusion MX 7.0.1 if necessary and apply the appropriate patch as described in the vendor advisory referenced above.

See Also

Plugin Details

Severity: Medium

ID: 24283

File Name: coldfusion_double_encoded_null_info_disclosure.nasl

Version: 1.24

Type: remote

Family: CGI abuses

Published: 2/8/2007

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information


Risk Factor: Low

Score: 1.4


Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N


Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: cpe:/a:adobe:coldfusion

Required KB Items: installed_sw/ColdFusion

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 1/9/2007

Vulnerability Publication Date: 1/9/2007

Reference Information

CVE: CVE-2006-5858

BID: 21978

CWE: 20