Cold Fusion Administration Page Overflow Network Vulnerability

Summary

A denial of service vulnerability exists within the Allaire ColdFusion web application server (version 4.5.1 and earlier) which allows an attacker to overwhelm the web server and deny legitimate web page requests. By downloading and altering the login HTML form an attacker can send overly large passwords (>40,0000 chars) to the server, causing it to stop responding.

Solution

Use HTTP basic authentication to restrict access to this page or remove it entirely if remote administration is not a requirement. A patch should be available from allaire - www.allaire.com..

Severity

Classification

CVE CVE-2000-0538
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache Archiva Home Page Cross-Site Scripting vulnerability
Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
Apache Struts2 showcase namespace XSS Vulnerability
Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
AbanteCart Multiple Cross-Site Scripting Vulnerabilities

Take action and discover your vulnerabilities