ColdFusion exprcalc.cfm OpenFilePath Variable Arbitrary File Disclosure 1998-12-25 00:00:00 1970-01-01 00:00:00 1998-12-25 00:00:00 1 1 1 1 1 1 Macromedia, Inc. ColdFusion 2.0 Macromedia, Inc. ColdFusion 3.0 Macromedia, Inc. ColdFusion 3.1 Macromedia, Inc. ColdFusion 4.0 911 1999-0455 http://www.macromedia.com/devnet/security/security_zone/asb99-01.html 115 1740 http://www.phrack.org/phrack/54/P54-08 10001 RFP RFP Labs rfp@wiretrip.net http://www.wiretrip.net/rfp Upgrade to version 4.0.1 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by removing all sample code and documentation from the server. ColdFusion contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker specifies the OpenFilePath variable in the Expression Evaluator. This allows an attacker to view the contents of arbitrary files on the server and may result in a loss of confidentiality. http://[target]/cfdocs/expeval/exprcalc.cfm?OpenFilePath=c:\boot.ini ColdFusion 4.0 ExprCalc.cfm Arbitrary File Read Microsoft IIS ExAir search.asp Direct Request DoS 1999-01-26 00:00:00 1970-01-01 00:00:00 1999-01-26 00:00:00 1 1 1 1 1 1 Microsoft Corporation IIS 4.0 1999-0449 193 1500 2229 10004 http://archives.neohapsis.com/archives/bugtraq/1999_1/0336.html David Litchfield Personal Page mnemonix@GLOBALNET.CO.UK http://www.infowar.co.uk/mnemonix/ Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Delete the sample scripts from the web server, or restrict access to them. Microsoft IIS contains a flaw that allows a remote attacker to cause a denial of service. The issue is due to the presence of a default script (search.asp) of a sample site named "ExAir". If the script is called without having the proper DLL files running, it will cause the server CPU to increase to 100% usage. http://[target]/iissamples/exair/search/search.asp Microsoft IIS 4.0 ExAir search.asp DoS Microsoft IIS ExAir query.asp Direct Request DoS 1999-01-26 00:00:00 1970-01-01 00:00:00 1999-01-26 00:00:00 1 1 1 1 1 1 Microsoft Corporation IIS 4.0 1999-0449 1028 193 1500 2229 10003 http://archives.neohapsis.com/archives/bugtraq/1999_1/0336.html David Litchfield Personal Page mnemonix@GLOBALNET.CO.UK http://www.infowar.co.uk/mnemonix/ Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Delete the sample scripts from the web server, or restrict access to them. Microsoft IIS contains a flaw that allows a remote attacker to cause a denial of service. The issue is due to the presence of a default script (query.asp) of a sample site named "ExAir". If the script is called without having the proper DLL files running, it will cause the server CPU to increase to 100% usage. http://[victim]/iissamples/exair/search/query.asp Microsoft IIS 4.0 ExAir query.asp Direct Request DoS Microsoft IIS ExAir advsearch.asp Direct Request DoS 1999-01-26 00:00:00 1970-01-01 00:00:00 1999-01-26 00:00:00 1 1 1 1 1 1 Microsoft Corporation IIS 4.0 1999-0449 1028 193 1500 http://archives.neohapsis.com/archives/bugtraq/1999_1/0336.html 2229 10002 David Litchfield Personal Page mnemonix@GLOBALNET.CO.UK http://www.infowar.co.uk/mnemonix/ Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Delete the sample scripts from the web server, or restrict access to them. Microsoft IIS contains a flaw that allows a remote attacker to cause a denial of service. The issue is due to the presence of a default script (advsearch.asp) of a sample site named "ExAir". If the script is called without having the proper DLL files running, it will cause the server CPU to increase to 100% usage. http://[target]/iissamples/exair/search/advsearch.asp Microsoft IIS 4.0 ExAir advsearch.asp Direct Request DoS Microsoft IIS / Site Server showcode.asp source Variable Traversal Arbitrary File Access 1999-05-07 00:00:00 1970-01-01 00:00:00 1999-05-07 00:00:00 1 1 1 1 1 1 Microsoft Corporation Site Server 3.0 Microsoft Corporation Internet Information Server 4.0 1999-0736 1032 1033 1034 1035 1036 1037 k-068 http://www.microsoft.com/ MS99-013 10007 0167 232449 http://www.atstake.com/research/advisories/1999/showcode.txt 474 782 15749 1404 2381 Parcens Microsoft has released a patch to address this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Remove the /IISSamples virtual directory when not needed. As a general rule, do not install sample scripts or sample applications on a production server. Microsoft IIS and Site Server contains a flaw that allows a remote attacker to arbitrary access files outside of the web path. The issue is due to the 'showcode.asp' script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'source' variable. http://[victim]/pathto/showcode.asp?source=../../../../../../boot.ini Microsoft IIS 4.0 / Site Server 3.0 showcode.asp source Variable Traversal Arbitrary File Access