Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:923 |
| Message | WEB-COLDFUSION getodbcin attempt |
| Summary | This event indicates an attempt to exploit undocumented CFML tags on an Allaire ColdFusion Server |
| Impact | Extensive server data retrieval including settings and passwords |
| Detailed Information | Undocumented CFML tags allow reading and decryption of sensitive data contained on servers running Allaire ColdFusion Server 2.0 - 4.0.1. This data can be accessed by constructing a hosted application that uses these undocumented tags, with the possibility of changing values on the server and reading admin and studio passwords |
| Affected Systems | Allaire ColdFusion Server 2.0 - 4.0.1 |
| Attack Scenarios | A user with permission to create pages on the server installs an application that accesses the undocumented CFML tags. Accessing this application would allow viewing and possible modification of these settings |
| Ease of Attack | Medium. Attackers need the ability to add files to the server. No "In the Wild" exploits were available at the time of writing |
| Corrective Action | Install the patches available from Allaire. |
| Additional References | |
| Rule References | bugtraq: 550 |
--
DID:114366