
ColdFusion Error Page XSS

Medium

Synopsis

The remote host is running a vulnerable version of Macromedia ColdFusion, a web application server.

Description

The remote host is running Macromedia ColdFusion, a web application server. This version of ColdFusion is vulnerable to a Cross-Site Scripting (XSS) flaw in the way it displays error pages. To exploit this flaw, an attacker would need to convince a user to browse to a malicious URI. Further, the ColdFusion site would need to be using the JRun web server (installed by default, but not recommended for production services). Successful exploitation could result in the loss of confidential data (such as authentication cookies).

Solution

Upgrade or patch according to vendor recommendations.