Network Intelligence India Pvt. Ltd.
28/04/03, 22:35
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D
Path Disclosure in Macromedia ColdFusion MX Server
Vendor: Macromedia http://www.macromedia.com
Versions affected: ColdFusion MX Server
Operating System: Windows 2000
Date: 26th April 2003
Severity: Low
Network Intelligence India Pvt. Ltd. http://www.nii.co.in
Online location: http://www.nii.co.in/vuln/pdmac.html
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D
Background:
=3D=3D=3D=3D=3D=3D=3D=3D=3D
Macromedia Cold Fusion MX Server is a powerful web application server =
that lets you create robust sites and applications without a long =
learning curve.
Description:
=3D=3D=3D=3D=3D=3D=3D=3D=3D
In its default installation, the Macromedia ColdFusion MX Server starts =
a web server (jrun) on port 8500. This is mainly for administrative =
purposes. When this server is accessed with the following URL =
http://host:8500/CFIDE/probe.cfm, an error message is displayed which =
reveals the Physical path of the location where the MX Server has been =
installed.
Error occured in:
C:\CFusionMX\wwwroot\CFIDE\probe.cfm:line56
Vendor Response:
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
The vendor response is that this is a feature controlled by the =
'Debugging Settinsg' page in the Administrator console.=20
[X] Enable Robust Exception Information. This checkbox is checked by =
default on a new installation to allow application development. For a =
production system the checkbox must be disabled.
Impact:
=3D=3D=3D=3D=3D
Like with any other Path Disclosure, this bug would only allow vital =
information to be disclosed. By itself, it will not allow for a system =
compromise, but in conjunction with some other vulnerability in a Web =
app or in the server, it might be dangerous.
Workaround:
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Disable the checkbox mentioned above in a production environment. =
Alternatively, firewall the 8500 port to disable outside access to the =
administrator's console. It looks like the old debate on feature-or-bug, =
where the default configuration is not secure out-of-the-box.
About NII
=3D=3D=3D=3D=3D=3D=3D=3D
Network Intelligence India Pvt. Ltd. is an IT Security firm specializing =
in Security Audits, Training and Research.
You may read our other advisories at =
http://www.nii.co.in/research/advisories.html
We also develop host-based security auditing software - AuditPro for =
Windows, Unix, SQL, and Oracle
http://www.nii.co.in/products.html
Disclaimer:
=3D=3D=3D=3D=3D=3D=3D=3D=3D
The information contained in this advisory is copyright (c) 2003 Network =
Intelligence India Pvt. Ltd. This advisory may be redistributed, =
provided that no fee is assigned and that the advisory is not modified =
in any way.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D
Path Disclosure in Macromedia ColdFusion MX Server
Vendor: Macromedia http://www.macromedia.com
Versions affected: ColdFusion MX Server
Operating System: Windows 2000
Date: 26th April 2003
Severity: Low
Network Intelligence India Pvt. Ltd. http://www.nii.co.in
Online location: http://www.nii.co.in/vuln/pdmac.html
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D
Background:
=3D=3D=3D=3D=3D=3D=3D=3D=3D
Macromedia Cold Fusion MX Server is a powerful web application server =
that lets you create robust sites and applications without a long =
learning curve.
Description:
=3D=3D=3D=3D=3D=3D=3D=3D=3D
In its default installation, the Macromedia ColdFusion MX Server starts =
a web server (jrun) on port 8500. This is mainly for administrative =
purposes. When this server is accessed with the following URL =
http://host:8500/CFIDE/probe.cfm, an error message is displayed which =
reveals the Physical path of the location where the MX Server has been =
installed.
Error occured in:
C:\CFusionMX\wwwroot\CFIDE\probe.cfm:line56
Vendor Response:
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
The vendor response is that this is a feature controlled by the =
'Debugging Settinsg' page in the Administrator console.=20
[X] Enable Robust Exception Information. This checkbox is checked by =
default on a new installation to allow application development. For a =
production system the checkbox must be disabled.
Impact:
=3D=3D=3D=3D=3D
Like with any other Path Disclosure, this bug would only allow vital =
information to be disclosed. By itself, it will not allow for a system =
compromise, but in conjunction with some other vulnerability in a Web =
app or in the server, it might be dangerous.
Workaround:
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Disable the checkbox mentioned above in a production environment. =
Alternatively, firewall the 8500 port to disable outside access to the =
administrator's console. It looks like the old debate on feature-or-bug, =
where the default configuration is not secure out-of-the-box.
About NII
=3D=3D=3D=3D=3D=3D=3D=3D
Network Intelligence India Pvt. Ltd. is an IT Security firm specializing =
in Security Audits, Training and Research.
You may read our other advisories at =
http://www.nii.co.in/research/advisories.html
We also develop host-based security auditing software - AuditPro for =
Windows, Unix, SQL, and Oracle
http://www.nii.co.in/products.html
Disclaimer:
=3D=3D=3D=3D=3D=3D=3D=3D=3D
The information contained in this advisory is copyright (c) 2003 Network =
Intelligence India Pvt. Ltd. This advisory may be redistributed, =
provided that no fee is assigned and that the advisory is not modified =
in any way.