Allaire ColdFusion Server 4.5.1 Administrator Login Password DoS Vulnerability
BID:1314
Info
Allaire ColdFusion Server 4.5.1 Administrator Login Password DoS Vulnerability
| Bugtraq ID: | 1314 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jun 07 2000 12:00AM |
| Updated: | Jun 07 2000 12:00AM |
| Credit: | Discovered by Stuart McClure <[email protected]> and publicized in a Foundstone Security Advisory (FS-060700-1-CFM) on June 7, 2000. |
| Vulnerable: |
Allaire ColdFusion Server 4.5.1 Allaire ColdFusion Server 4.5 Allaire ColdFusion Server 4.0.1 Allaire ColdFusion Server 4.0 Allaire ColdFusion Server 3.1.2 Allaire ColdFusion Server 3.1.1 Allaire ColdFusion Server 3.1 Allaire ColdFusion Server 3.0.1 Allaire ColdFusion Server 3.0 Allaire ColdFusion Server 2.0 |
| Not Vulnerable: | |
Discussion
Allaire ColdFusion Server 4.5.1 Administrator Login Password DoS Vulnerability
Due to a faulty mechanism in the password parsing implementation in authentication requests, it is possible to launch a denial of service attack against Allaire ColdFusion 4.5.1 or previous by inputting a string of over 40 000 characters to the password field in the Administrator login page. CPU utilization could reach up to 100%, bringing the program to halt. The default form for the login page would prevent such an attack. However, a malicious user could download the form locally to their hard drive, modify HTML tag fields, and be able to submit the 40 000 character string to the ColdFusion Server.
Restarting the application would be required in order to regain normal functionality.
Due to a faulty mechanism in the password parsing implementation in authentication requests, it is possible to launch a denial of service attack against Allaire ColdFusion 4.5.1 or previous by inputting a string of over 40 000 characters to the password field in the Administrator login page. CPU utilization could reach up to 100%, bringing the program to halt. The default form for the login page would prevent such an attack. However, a malicious user could download the form locally to their hard drive, modify HTML tag fields, and be able to submit the 40 000 character string to the ColdFusion Server.
Restarting the application would be required in order to regain normal functionality.
Exploit / POC
Allaire ColdFusion Server 4.5.1 Administrator Login Password DoS Vulnerability
The Administrator login page can be typically accessed via:
http://target/cfide/administrator/index.cfm
Modify the field size and POST action in the HTML tags to allow for the input of a character string consisting of over 40 000 characters.
The Administrator login page can be typically accessed via:
http://target/cfide/administrator/index.cfm
Modify the field size and POST action in the HTML tags to allow for the input of a character string consisting of over 40 000 characters.
Solution / Fix
Allaire ColdFusion Server 4.5.1 Administrator Login Password DoS Vulnerability
Solution:
Allaire are aware of the issue and are working towards a fix with the release of ColdFusion 4.6.
Solution:
Allaire are aware of the issue and are working towards a fix with the release of ColdFusion 4.6.
References
Allaire ColdFusion Server 4.5.1 Administrator Login Password DoS Vulnerability
References:
References:
- Cold Fusion Server Product Home Page (Allaire)
- Security Advisory (FS-060700-1-CFM) (Foundstone)
- Security Best Practice: Securing the ColdFusion Administrator (Allaire)