SecurityTeam US Contribute  :  Advanced Search  :  Web Resources  :  Polls  :  File Repository  
 
advanced search  
Poll
What would you like to see on SecurityTeamUS?
More News
Product Reviews
HowTo's
Custom RPM/Packages/Tools
Other (Please leave comment)
Results
96 votes | 0 comments
Topics
Home
Apache
Apple
Application Software
Cisco Systems
Database Servers
Internet Explorer
Linux
Macromedia
Microsoft
Mozilla/Firefox
Phishing/ID Theft
Real Networks
Security News
Sun Microsystems
Web Appliances/Devices
Web Scripts
Wi-Fi
Virus Alerts
Events
There are no upcoming events
 Welcome to SecurityTeam US
 Monday, February 06 2012 @ 11:38 AM EST

Macromedia ColdFusion MX Security Bypass Vulnerability

    
Monday, October 04 2004 @ 11:34 AM EDT

MacromediaEric Lackey has reported a vulnerability in ColdFusion MX, which can be exploited by malicious, authenticated users to bypass certain security restrictions.

The vulnerability is caused due to an error, which can be exploited to call restricted methods through an object of a specially crafted class written to the ColdFusion library directory.

Successful exploitation may e.g. disclose the administrative password, but requires permissions to create a Cold Fusion template on a server with CreateObject or cfobject tags enabled.

The vulnerability has been reported in version 6.1. Other versions may also be affected.

SOLUTION:
Grant only trusted users permissions to create templates on the ColdFusion MX server.

PROVIDED AND/OR DISCOVERED BY:
Eric Lackey
 
What's Related

Story Options

Macromedia ColdFusion MX Security Bypass Vulnerability | 0 comments | Create New Account
The following comments are owned by whomever posted them. This site is not responsible for what they say.
 Copyright © 2012 SecurityTeam US
 All trademarks and copyrights on this page are owned by their respective owners.		   Get Firefox!
Dedicated Servers
Created this page in 0.15 seconds