FrSIRT - Adobe ColdFusion Client-Side Cross Site Scripting Vulnerabilities / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Adobe ColdFusion Client-Side Cross Site Scripting Vulnerabilities

Title : Adobe ColdFusion Client-Side Cross Site Scripting Vulnerabilities
Advisory ID : FrSIRT/ADV-2008-0862
CVE ID : CVE-2008-0643 - CVE-2008-0644 - CVE-2008-1203
Rated as : Low Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-03-12

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Multiple vulnerabilities have been identified in Adobe ColdFusion, which could be exploited to conduct cross site scripting and brute-force attacks.

The first issue is specific to ColdFusion and Windows IIS 6 installations and is caused by an input validation error when processing the "User-Agent" header, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected site.

The second vulnerability is caused by an input validation error when processing user-supplied data while the "Application.cfm" or "Application.cfc" files contains the "setEncoding" function, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected site.

The third weakness is caused by a design error in the admin interface that does not log failed log-in attempts, which could potententially facilitate brute-force attacks.

Credits

Vulnerabilities reported by Millennium Communications, Shigeyoshi Muraoka (IT Frontier Corporation), and the vendor.

ChangeLog

2008-03-12 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

	IBM Tivoli Directory Server Entry Handling Double-Free Vulnerability
	IBM AFP Viewer Plug-In "SRC" Property Buffer Overflow Vulnerability
	IBM Hardware Management Console Cross Site Scripting Vulnerabilities
	IBM OS/400 BrSmRcvAndCheck Local Buffer Overflow Vulnerability
	IBM DB2 Multiple Buffer Overflow and Security Bypass Vulnerabilities
	IBM WebSphere Application Server Security Exposure Vulnerability
	IBM AIX Multiple Command Local Privilege Escalation Vulnerabilities

	Cisco Products Remote DNS Cache Poisoning Vulnerability
	Cisco Wide Area Application Services CUPS Remote Vulnerability
	Cisco UCM Denial of Service and Authentication Bypass Vulnerabilities
	Cisco Intrusion Prevention System Jumbo Frame Vulnerability
	Cisco VPN Client Deterministic Network Enhancer Privilege Escalation
	Cisco Products SNMPv3 Authentication Packets Vulnerabilities
	Cisco PIX and ASA Security Bypass and Denial of Service