Intrusion Prevention

Displayfile

Description

This indicates a possible attempt to exploit the undocumented CFML tags vulnerability in Allaire ColdFusion Server.

ColdFusion is a web application that can be used to build sophisticated web sites. A vulnerability reported in ColdFusion allows a malicious user to retrieve the admin and studio passwords by using undocumented tags such as CFAdmin_Registry_GET in combination with the cfusion_encrypt() and cfusion_decrypt() functions.

Affected Products

Allaire ColdFusion Server 4.01 and earlier.

Impact

Gain access to the ColdFusion server data.

Recommended Actions

Apply the appropriate patch provided by the vendor, or upgrade to a later version.

CVE References

CVE-1999-0760
