CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS
Percentile
90.9%
A vulnerability has been reported for Macromedia ColdFusion MX that may reveal the physical path information to attackers.
When certain malformed URL requests (port 8500) are received by the server, an error message is returned containing the full path of the ColdFusion installation.
#%NASL_MIN_LEVEL 70300
#
# This script was written by BEKRAR Chaouki <[email protected]>
#
# Macromedia ColdFusion MX Path Disclosure Vulnerability
#
# https://web.archive.org/web/20030713132233/http://www.k-otik.com/bugtraq/04.26.coldfusion.php
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(11558);
script_cve_id("CVE-2003-1469");
script_bugtraq_id(7443);
script_version("1.21");
script_name(english:"Macromedia ColdFusion MX CFIDE/probe.cfm Direct Request Path Disclosure");
script_set_attribute(attribute:"synopsis", value:
"The remote host is running an application that is affected by an
information disclosure vulnerability." );
script_set_attribute(attribute:"description", value:
"A vulnerability has been reported for Macromedia ColdFusion MX that
may reveal the physical path information to attackers.
When certain malformed URL requests (port 8500) are received by the
server, an error message is returned containing the full path of the
ColdFusion installation." );
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/319867/30/0/threaded" );
script_set_attribute(attribute:"solution", value:
"Change the 'Debugging Settings' on the Administrator console of the
ColdFusion server. This can be achieved by disabling the 'Enable
Robust Exception Information' option." );
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:W/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(200);
script_set_attribute(attribute:"plugin_publication_date", value: "2003/04/30");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe",value:"cpe:/a:macromedia:coldfusion");
script_end_attributes();
script_summary(english:"Macromedia ColdFusion MX Path Disclosure Vulnerability");
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2003-2021 A.D.Consulting France");
script_dependencie("http_version.nasl");
script_require_ports("Services/www", 8500);
script_exclude_keys("Settings/disable_cgi_scanning");
exit(0);
}
include("global_settings.inc");
include("http_func.inc");
include("http_keepalive.inc");
include("misc_func.inc");
port = get_http_port(default:8500, embedded:TRUE);
if (! port ) exit(0);
dir = make_list(cgi_dirs());
foreach d (dir)
{
url = string(d, "/CFIDE/probe.cfm");
req = http_get(item:url, port:port);
buf = http_keepalive_send_recv(port:port, data:req);
if( buf == NULL ) break;
if( "Error occured in" >< buf)
{
if(egrep(pattern:"[A-Za-z]:\\.*probe\.cfm", string:buf))
{
security_warning(port:port);
exit(0);
}
}
}