Macromedia ColdFusion MX 7 Default Error Page Cross-Site Scripting Vulnerability
BID:13581
Info
Macromedia ColdFusion MX 7 Default Error Page Cross-Site Scripting Vulnerability
| Bugtraq ID: | 13581 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 10 2005 12:00AM |
| Updated: | May 10 2005 12:00AM |
| Credit: | The individual or individuals responsible for disclosure of this issue is currently unknown; these issues were disclosed in the referenced vendor announcement. |
| Vulnerable: |
Macromedia ColdFusion MX 7.0 |
| Not Vulnerable: | |
Discussion
Macromedia ColdFusion MX 7 Default Error Page Cross-Site Scripting Vulnerability
Macromedia ColdFusion MX 7 is prone to a cross-site scripting vulnerability when utilizing the JRun Web Server. This issue is due to a failure in the application to properly sanitize user-supplied input prior to using it in dynamically generated content.
Macromedia JRun Web Server comes packaged with ColdFusion MX 7, users of that application are advised to upgrade their ColdFusion MX 7 installation.
Macromedia ColdFusion MX 7 is prone to a cross-site scripting vulnerability when utilizing the JRun Web Server. This issue is due to a failure in the application to properly sanitize user-supplied input prior to using it in dynamically generated content.
Macromedia JRun Web Server comes packaged with ColdFusion MX 7, users of that application are advised to upgrade their ColdFusion MX 7 installation.
Exploit / POC
Macromedia ColdFusion MX 7 Default Error Page Cross-Site Scripting Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
Macromedia ColdFusion MX 7 Default Error Page Cross-Site Scripting Vulnerability
Solution:
The vendor has released an advisory (MPSB05-03) addressing this issue. Please see the referenced advisory for details on obtaining and installing the appropriate updates.
The vendor recommends using an alternate Web server for the ColdFusion MX 7 installation, defining a different default error page, or downloading the available patch:
Macromedia ColdFusion MX 7.0
Solution:
The vendor has released an advisory (MPSB05-03) addressing this issue. Please see the referenced advisory for details on obtaining and installing the appropriate updates.
The vendor recommends using an alternate Web server for the ColdFusion MX 7 installation, defining a different default error page, or downloading the available patch:
Macromedia ColdFusion MX 7.0
-
Macromedia chf70-60112.jar
http://download.macromedia.com/pub/coldfusion/hotfix/chf70-60112.jar
References
Macromedia ColdFusion MX 7 Default Error Page Cross-Site Scripting Vulnerability
References:
References:
- ColdFusion MX Home Page (Macromedia)