ColdFusion MX 6.1 on IIS File Contents Disclosure 1.5
 
Plugin ID: 320
Plugin name: ColdFusion MX 6.1 on IIS File Contents Disclosure
Plugin filename: ColdFusion MX 6.1 on IIS File Contents Disclosure.plugin
Plugin filesize: 2784 bytes
Plugin family: Enumeration
Plugin created name: David Nester
Plugin created email: david at icrew dot org
Plugin created web: http://www.icrew.org
Plugin created company: iCrew Security
Plugin created date: 2004/12/03
Plugin updated name: David Nester
Plugin updated email: david at icrew dot org
Plugin updated web: http://www.icrew.org/
Plugin updated company: iCrew Security
Plugin updated date: 2004/12/05
Plugin version: 1.5
Plugin protocol: tcp
Plugin port: 80
Plugin procedure detection: open|send HEAD / HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# ### *Microsoft-IIS/4.0* OR HTTP/#.# ### *Microsoft-IIS/5.[0-1]* OR HTTP/#.# ### *Microsoft-IIS/6.0*
Plugin detection accuracy: 80
Plugin comment: This plugin was written with the ATK Attack Editor.
Bug published web: http://www.macromedia.com/software/coldfusion/
Bug published date: 2004/10/05
Bug produced name: Macromedia Cold Fusion
Bug produced web: http://www.macromedia.com/software/coldfusion/
Bug not affected: Other versions or solutions
Bug vulnerability class: Configuration
Bug description: ColdFusion is a web application programming language used to deliver dynamic web content and web services. An input validation error has been discovered in the way the ColdFusion MX server parses file type extensions. By supplying an invalid extension an attacker may be able to view previously restricted files on the web server.
Bug solution: Apply the latest security patch from the vendor. http://www.macromedia.com/software/coldfusion/
Bug fixing time: Approx. 1 hour
Bug exploit availability: No
Bug remote: Yes
Bug local: No
Bug severity: Medium
Bug popularity: 6
Bug simplicity: 1
Bug impact: 5
Bug risk: 6
Source Literature: Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
Source Misc.: http://www.macromedia.com/software/coldfusion/

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.