|
|
|
|
| |
Credit:
The information has been provided by iDefense Labs.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=466
|
| |
Vulnerable Systems:
* Adobe Macromedia ColdFusion MX version 7.0.2
Immune Systems:
*
The vulnerability specifically exists in that URL encoded filenames will be decoded by the IIS process and then again by the ColdFusion process. By supplying a URL containing a double encoded null byte and an extension handled by ColdFusion, such as '.cfm', it is possible to view the contents of any file which is not interpreted by ColdFusion.
Analysis:
Successful exploitation would allow a remote attacker to view the contents of a file on the affected server. Depending on the layout of the files on the server, this could include configuration files, source code written in another scripting language, log files or other data files. Although this vulnerability does not in itself allow execution of code on the server, it may allow an attacker to discover sensitive information such as passwords or to discover vulnerabilities in other scripts on the system or potentially bypass some security restrictions.
Vendor Response:
Adobe has released a patch for this issue. For more information consult their advisory at the link: http://www.adobe.com/support/security/bulletins/apsb07-02.html
CVE Information:
CVE-2006-5858
Disclosure Timeline:
11/08/2006 - Initial vendor notification
11/09/2006 - Initial vendor response
01/09/2007 - Coordinated public disclosure
|
|
|
|
|
