Title: ColdFusion Denial of Service vulnerability in sample script
Released by: Niels Heinen
Date: 9th December 2000
**************************************************************************



Subject: ColdFusion Denial of Service vulnerability in sample script

Software: ColdFusion Server Professional 4.5.1 Eval for Windows (SP2)

Risk Level: Medium

Author: Niels Heinen

Vendor Status: The vendor has released a document concerning this problem

Exploitable: Remotely

**************************************************************************



Impact of the vulnerability:
=============================

The vulnerability can crash the ColdFusion server and in some cases the
system it is installed on. The problem will potentially cause the denial
of web-based services on the server.



Who's vulnerable?
===================

All servers running ColdFusion version 4.5.1 with certain optional
example scripts installed. To be vulnerable, the administrator must have
chosen to install the example scripts during installation.



Technical description:
========================

During installation of the ColdFusion server, the user is given the
chance to load specific example scripts. One of these example scripts
is a search engine. This search engine can detect whether the
directories on the server are indexed. If the directories are not
indexed, the search engine calls a second script that indexes the
directories. Requests to this indexing script can also be made by
a remote user through a web browser.

The problem is that while the indexing runs, CPU usage rises to
70% load. If several requests are made, the server's CPU load rises to
100% and remains there. In some tests, the ColdFusion server
(cfserver.exe) stopped handling requests completely.

A malicious user could potentially launch a denial of service attack
by requesting the indexing script several times.



Solution:
==========

Allaire created a document last year (recently updated).
This document covers the example scripts that are (optionally)
installed with the server. Allaire clearly advocates
the removal of these examples as a best practice.

This document is available on the Allaire web site at:

http://www.allaire.com/Handlers/index.cfm?ID=16258&Method=Full

In the future, Allaire will make the second (indexing) script
accessible only from the local host, like all the other example scripts.
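
Until the examples are removed, an access-log audit can show whether the
indexing script is being requested from anywhere other than the local host.
The following is an added example, not code from the advisory or from Allaire.
It assumes W3C extended log format with a #Fields header; the script path is a
placeholder (the advisory does not name it) and the log lines are constructed.

```python
import ipaddress
from collections import Counter

# Placeholder: the advisory does not give the script's path; set this to the
# indexing script's URL path on your own installation.
INDEX_SCRIPT = "/PLACEHOLDER/indexing-script.cfm"

# Constructed W3C extended log sample (not taken from a real server).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2000-12-09 10:00:01 127.0.0.1 GET /PLACEHOLDER/indexing-script.cfm 200
2000-12-09 10:00:02 192.0.2.10 GET /index.cfm 200
2000-12-09 10:00:03 192.0.2.44 GET /PLACEHOLDER/indexing-script.cfm 200
2000-12-09 10:00:04 192.0.2.44 GET /placeholder/Indexing-Script.cfm 200
2000-12-09 10:00:05 192.0.2.44 GET /PLACEHOLDER/indexing-script.cfm 200
2000-12-09 10:00:09 198.51.100.7 GET /PLACEHOLDER/indexing-script.cfm 200
"""

def remote_index_requests(log_text, script=INDEX_SCRIPT):
    """Count requests to the indexing script per non-loopback client."""
    fields, hits = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows below
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # URL paths on a Windows server are case-insensitive: compare lowercased.
        if row.get("cs-uri-stem", "").lower() != script.lower():
            continue
        try:
            client = ipaddress.ip_address(row.get("c-ip", ""))
        except ValueError:
            continue                       # malformed client field, skip row
        if not client.is_loopback:
            hits[str(client)] += 1
    return hits

def repeat_requesters(hits, threshold=3):
    """Clients that requested the script at least `threshold` times."""
    return sorted(ip for ip, n in hits.items() if n >= threshold)

if __name__ == "__main__":
    hits = remote_index_requests(SAMPLE_LOG)
    print(dict(hits), repeat_requesters(hits))
```

Any non-loopback hit means the script is reachable remotely; repeated hits
from one client match the request pattern the technical description warns about.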



More information:
==================

Bug Finder: Niels Heinen
Allaire web site: http://www.allaire.com
Allaire security email: security@allaire.com
SecurityWatch.com: http://www.securitywatch.com

We wish to thank Allaire and especially Malcolm Gin for the quick
response and level of cooperation.



Disclaimer:

=============

**************************************************************************



All documents and services are provided as is. Ubizen expressly disclaims
all warranties, express or implied, including without limitation any
implied warranties of merchantability or fitness for a particular
purpose, and warranties as to the accuracy, completeness or adequacy of
information. Ubizen cannot be held accountable for any incorrect or
erroneous information. By using the provided documents or services,
the user assumes all risks.

**************************************************************************















