Test ID: 10581
Category: Web application abuses
Title: Cold Fusion Administration Page Overflow
Description:
Summary:
A denial of service vulnerability exists within the Allaire
ColdFusion web application server (version 4.5.1 and earlier) which allows an
attacker to overwhelm the web server and deny legitimate web page requests.

By downloading and altering the login HTML form an attacker can send overly
large passwords (>40,0000 chars) to the server, causing it to stop responding.

Solution:
Use HTTP basic authentication to restrict access to this page or
remove it entirely if remote administration is not a requirement.
A patch should be available from Allaire - www.allaire.com.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref:
BugTraq ID: 1314
Common Vulnerability Exposure (CVE) ID: CVE-2000-0538
Bugtraq: 20000607 New Allaire ColdFusion DoS
http://marc.info/?l=bugtraq&m=96045469627806&w=2
Allaire Security Bulletin: ASB00-14
http://www.allaire.com/handlers/index.cfm?ID=16122&Method=Full
http://www.securityfocus.com/bid/1314
XForce ISS Database: coldfusion-parse-dos(4611)
https://exchange.xforce.ibmcloud.com/vulnerabilities/4611
http://www.osvdb.org/3399
Copyright: This script is Copyright (C) 2000 Matt Moore
