lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Sat, 26 Apr 2003 11:06:44 +0530
From: "Network Intelligence India Pvt. Ltd." <info@....co.in>
To: <bugtraq@...urityfocus.com>, <ntbugtraq@...tserv.ntbugtraq.com>,
   <full-disclosure@...ts.netsys.com>
Subject: NII Advisory - Path Disclosure in Cold Fusion MX Server


===================================================
Path Disclosure in Macromedia ColdFusion MX Server
Vendor: Macromedia http://www.macromedia.com
Versions affected: ColdFusion MX Server
Operating System: Windows 2000
Date: 26th April 2003
Severity: Low

Network Intelligence India Pvt. Ltd. http://www.nii.co.in
Online location: http://www.nii.co.in/vuln/pdmac.html
===================================================


Background:
=========
Macromedia Cold Fusion MX Server is a powerful web application server that lets you create robust sites and applications without a long learning curve.


Description:
=========
In its default installation, the Macromedia ColdFusion MX Server starts a web server (jrun) on port 8500. This is mainly for administrative purposes. When this server is accessed with the following URL http://host:8500/CFIDE/probe.cfm, an error message is displayed which reveals the Physical path of the location where the MX Server has been installed.

Error occured in:
C:\CFusionMX\wwwroot\CFIDE\probe.cfm:line56

Vendor Response:
=============
The vendor response is that this is a feature controlled by the 'Debugging Settinsg' page in the Administrator console. 
[X] Enable Robust Exception Information. This checkbox is checked by default on a new installation to allow application development. For a production system the checkbox must be disabled.


Impact:
=====
Like with any other Path Disclosure, this bug would only allow vital information to be disclosed. By itself, it will not allow for a system compromise, but in conjunction with some other vulnerability in a Web app or in the server, it might be dangerous.


Workaround:
==========
Disable the checkbox mentioned above in a production environment. Alternatively, firewall the 8500 port to disable outside access to the administrator's console. It looks like the old debate on feature-or-bug, where the default configuration is not secure out-of-the-box.


About NII
========
Network Intelligence India Pvt. Ltd. is an IT Security firm specializing in Security Audits, Training and Research.
You may read our other advisories at http://www.nii.co.in/research/advisories.html

We also develop host-based security auditing software - AuditPro for Windows, Unix, SQL, and Oracle
http://www.nii.co.in/products.html


Disclaimer:
=========
The information contained in this advisory is copyright (c) 2003 Network Intelligence India Pvt. Ltd. This advisory may be redistributed, provided that no fee is assigned and that the advisory is not modified in any way.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ