A security vulnerability in Cold Fusion Server allows remote attackers to cause the Cold Fusion server to crash, sometimes taking the entire system down with it. The problem enables remote attackers to launch a denial of service attack against the web-based services on the server.
Credit:
The information has been provided by Niels Heinen.
Vulnerable systems:
Cold Fusion Server Professional 4.5.1
During installation of the Cold Fusion server, the user is given the option to install example scripts. One of these example scripts is a search engine. This search engine can detect whether the directories on the server have been indexed; if they have not, it calls a second script that indexes them. A remote user can also request this indexing script directly through a web browser.
The problem is that a single request to the indexing script drives CPU usage to around 70%. If several requests are made, the server's CPU rises to 100% load and stays there. In some tests, the Cold Fusion server process (cfserver.exe) stopped handling requests completely.
A malicious user could potentially launch a denial of service attack by requesting the indexing script several times.
Solution:
Allaire published a document last year (recently updated) covering the example scripts that are optionally installed with the server. Allaire clearly advocates removing these examples as a best practice; if the example scripts were installed, remove them.