ColdFusion Error Page XSS
Medium
Nessus Network Monitor Plugin ID 2893
Synopsis
The remote host is running a vulnerable version of Macromedia ColdFusion, a web application server.
Description
The remote host is running Macromedia ColdFusion, a web application server. This version of ColdFusion is vulnerable to a Cross-Site Scripting (XSS) flaw in the way it displays error pages. To exploit this flaw, an attacker would need to convince a user to browse to a malicious URI. Further, the Macromedia site would need to be using the JRUN web server (installed by default, but not recommended for production services). Successful exploitation could result in the loss of confidential data (such as authentication cookies).
Solution
Upgrade or patch according to vendor recommendations.