Macromedia ColdFusion MX Security Sandbox Circumvention Vulnerability
BID:9521
Info
Macromedia ColdFusion MX Security Sandbox Circumvention Vulnerability
| Bugtraq ID: | 9521 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 28 2004 12:00AM |
| Updated: | Jan 28 2004 12:00AM |
| Credit: | This vulnerability as announced by the vendor. |
| Vulnerable: |
Macromedia ColdFusion MX J2EE 6.1 Macromedia ColdFusion MX 6.1 |
| Not Vulnerable: | |
Discussion
Macromedia ColdFusion MX Security Sandbox Circumvention Vulnerability
ColdFusion MX has been reported prone to a security sandbox circumvention vulnerability. The issue is reported to exist because programmers have the ability to create instances of classes without using certain tags. An attacker may exploit this issue to circumvent the security sandbox of ColdFusion MX.
ColdFusion MX has been reported prone to a security sandbox circumvention vulnerability. The issue is reported to exist because programmers have the ability to create instances of classes without using certain tags. An attacker may exploit this issue to circumvent the security sandbox of ColdFusion MX.
Exploit / POC
Macromedia ColdFusion MX Security Sandbox Circumvention Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Macromedia ColdFusion MX Security Sandbox Circumvention Vulnerability
Solution:
Macromedia has released an advisory (MPSB04-01) and patches to address this issue. Further information regarding the application of the appropriate patch is available in the referenced advisory.
Macromedia ColdFusion MX 6.1
Macromedia ColdFusion MX J2EE 6.1
Solution:
Macromedia has released an advisory (MPSB04-01) and patches to address this issue. Further information regarding the application of the appropriate patch is available in the referenced advisory.
Macromedia ColdFusion MX 6.1
-
Macromedia mpsb04-01.zip
http://download.macromedia.com/pub/security/mpsb04-01.zip
Macromedia ColdFusion MX J2EE 6.1
-
Macromedia mpsb04-01.zip
http://download.macromedia.com/pub/security/mpsb04-01.zip
References
Macromedia ColdFusion MX Security Sandbox Circumvention Vulnerability
References:
References:
- Macromedia Homepage (Macromedia)
- MPSB04-01 Security Patch available for ColdFusion MX sandbox security (Macromedia)