what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

coldfusion.path.txt

coldfusion.path.txt
Posted Apr 23, 2002
Authored by Peter Grundl

Cold Fusion v5.0 on Windows 2000 w. IIS5 contains a bug because requests for certain DOS-devices are parsed by the isapi filter that handles .cfm and .dbm result in error messages containing the physical path to the web root.

tags | web, root
systems | windows
SHA-256 | e1c8dfbb628e1242d3787672e22d4588966e1ef76382598ce80d04e1ad70f7e9

coldfusion.path.txt

Change Mirror Download
--------------------------------------------------------------------

Title: Coldfusion Path Disclosure

BUG-ID: 2002013
Released: 18th Apr 2002
--------------------------------------------------------------------

Problem:
========
Requests for certain DOS-devices are parsed by the isapi filter that
handles .cfm and .dbm and result in error messages containing the
physical path to the web root.


Vulnerable:
===========
- Coldfusion 5.0 on Windows 2000 w. IIS5
- Other versions were not tested.


Details:
========
Requests for non-existant .cfm and .dbm files return a coldfusion
"Object Not Found" error message similar to this:

"Error Occurred While Processing Request
Error Diagnostic Information
An error has occurred.


HTTP/1.0 404 Object Not Found"


Requesting a DOS-device, such as nul.dbm or nul.cfm returns:

"Error Occurred While Processing Request
Error Diagnostic Information
Cannot open CFML file


The requested file "C:\data\nul.dbm" cannot be found.


The specific sequence of files included or processed is:
C:\data\nul.dbm


Date/Time: 04/18/02 11:32:16
Browser: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)
Remote Address: xxx.xxx.xxx.xxx"


A similar result can be achieved with this request:

/nul..dbm

which returns:

"Error Occurred While Processing Request
Error Diagnostic Information
The template specification, 'C:\data\nul..dbm', is illegal.

Template specifications cannot include '..' nor begin with a backslash
('\\')."


Vendor URL:
===========
You can visit the vendors webpage here: http://www.coldfusion.com


Vendor response:
================
The vendor was contacted on the 26th of November, 2001. The vendor
suggested a workaround for the problem on the 8th of January, 2002.
This advisory was delayed was due to a lapse of communication.


Corrective action:
==================
The vendor suggests turning on "Check that file exists":

Windows 2000:
1. Open the Management console
2. Click on "Internet Information Services"
3. Right-click on the website and select "Properties"
4. Select "Home Directory"
5. Click on "Configuration"
6. Select ".cfm"
7. Click on "Edit"
8. Make sure "Check that file exists" is checked
9. Do the same for ".dbm"


Author: Peter Gr√ľndl (pgrundl@kpmg.dk)

--------------------------------------------------------------------
KPMG is not responsible for the misuse of the information we provide
through our security advisories. These advisories are a service to
the professional security community. In no event shall KPMG be lia-
ble for any consequences whatsoever arising out of or in connection
with the use or spread of this information.
--------------------------------------------------------------------

Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close