| GEN:SID | 1:909 |
| Message | WEB-COLDFUSION datasource username attempt |
| Summary | This event indicates an attempt to exploit undocumented CFML tags on an Allaire ColdFusion Server |
| Impact | Extensive server data retrieval including settings and passwords |
| Detailed Information | Undocumented CFML tags allow reading and decryption of sensitive data contained on servers running Allaire ColdFusion Server 2.0 - 4.0.1. This data can be accessed by constructing a hosted application that uses these undocumented tags, with the possibility of changing values on the server and reading admin and studio passwords. |
| Affected Systems | Allaire ColdFusion Server 2.0 - 4.0.1 |
| Attack Scenarios | A user with permission to create pages on the server installs an application that accesses the undocumented CFML tags. Accessing this application would allow viewing and possible modification of these settings. |
| Ease of Attack | Medium. Attackers need the ability to add files to the server. No "In the Wild" exploits were available at time of writing. |
| Corrective Action | Patches are available from Allaire; install them. |
| Additional References | |
| Rule References | bugtraq: 550 |