Allaire ClusterCATS URL Redirect Vulnerability
BID:1179
Info
| Bugtraq ID: | 1179 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | May 08 2000 12:00AM |
| Updated: | May 08 2000 12:00AM |
| Credit: | Publicized by Allaire in an Allaire Security Bulletin (ASB00-12) on May 8, 2000. |
| Vulnerable: | Allaire ClusterCATS 1.0 |
| Not Vulnerable: | |
Discussion
While performing a URL redirect, Allaire ClusterCATS may append stale information to the URL, and that information can be sensitive.
Exploit / POC
see discussion
Solution / Fix
Solution:
Allaire has released a patch which rectifies this issue. Follow these steps to apply the patch:
1. Stop the Bright Tiger service on each server through Control Panel - Services.
2. Go to the cfusion\brighttiger\program directory and rename teserver.dll to teserver.old.
3. Copy the new teserver.dll file into the brighttiger\program directory on each server.
4. Start the Bright Tiger service on each server.
Allaire ClusterCATS 1.0
- Allaire teserver
  Those running versions of ColdFusion prior to 4.5.1 must upgrade to 4.5.1 before applying the patch.
  ftp://ftp.allaire.com/outgoing/clustercats/teserver.dll