ColdFusion exprcalc.cfm OpenFilePath Variable Arbitrary File Disclosure
1998-12-25 00:00:00
1970-01-01 00:00:00
1998-12-25 00:00:00
1
1
1
1
1
1
Macromedia, Inc.
ColdFusion
2.0
Macromedia, Inc.
ColdFusion
3.0
Macromedia, Inc.
ColdFusion
3.1
Macromedia, Inc.
ColdFusion
4.0
911
1999-0455
http://www.macromedia.com/devnet/security/security_zone/asb99-01.html
115
1740
http://www.phrack.org/phrack/54/P54-08
10001
RFP
RFP Labs
rfp@wiretrip.net
http://www.wiretrip.net/rfp
Upgrade to version 4.0.1 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by removing all sample code and documentation from the server.
ColdFusion contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker specifies the OpenFilePath variable in the Expression Evaluator. This allows an attacker to view the contents of arbitrary files on the server and may result in a loss of confidentiality.
http://[target]/cfdocs/expeval/exprcalc.cfm?OpenFilePath=c:\boot.ini
ColdFusion 4.0 ExprCalc.cfm Arbitrary File Read
Microsoft IIS ExAir search.asp Direct Request DoS
1999-01-26 00:00:00
1970-01-01 00:00:00
1999-01-26 00:00:00
1
1
1
1
1
1
Microsoft Corporation
IIS
4.0
1999-0449
193
1500
2229
10004
http://archives.neohapsis.com/archives/bugtraq/1999_1/0336.html
David Litchfield
Personal Page
mnemonix@GLOBALNET.CO.UK
http://www.infowar.co.uk/mnemonix/
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Delete the sample scripts from the web server, or restrict access to them.
Microsoft IIS contains a flaw that allows a remote attacker to cause a denial of service. The issue is due to the presence of a default script (search.asp) of a sample site named "ExAir". If the script is called without having the proper DLL files running, it will cause the server CPU to increase to 100% usage.
http://[target]/iissamples/exair/search/search.asp
Microsoft IIS 4.0 ExAir search.asp DoS
Microsoft IIS ExAir query.asp Direct Request DoS
1999-01-26 00:00:00
1970-01-01 00:00:00
1999-01-26 00:00:00
1
1
1
1
1
1
Microsoft Corporation
IIS
4.0
1999-0449
1028
193
1500
2229
10003
http://archives.neohapsis.com/archives/bugtraq/1999_1/0336.html
David Litchfield
Personal Page
mnemonix@GLOBALNET.CO.UK
http://www.infowar.co.uk/mnemonix/
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Delete the sample scripts from the web server, or restrict access to them.
Microsoft IIS contains a flaw that allows a remote attacker to cause a denial of service. The issue is due to the presence of a default script (query.asp) of a sample site named "ExAir". If the script is called without having the proper DLL files running, it will cause the server CPU to increase to 100% usage.
http://[victim]/iissamples/exair/search/query.asp
Microsoft IIS 4.0 ExAir query.asp Direct Request DoS
Microsoft IIS ExAir advsearch.asp Direct Request DoS
1999-01-26 00:00:00
1970-01-01 00:00:00
1999-01-26 00:00:00
1
1
1
1
1
1
Microsoft Corporation
IIS
4.0
1999-0449
1028
193
1500
http://archives.neohapsis.com/archives/bugtraq/1999_1/0336.html
2229
10002
David Litchfield
Personal Page
mnemonix@GLOBALNET.CO.UK
http://www.infowar.co.uk/mnemonix/
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Delete the sample scripts from the web server, or restrict access to them.
Microsoft IIS contains a flaw that allows a remote attacker to cause a denial of service. The issue is due to the presence of a default script (advsearch.asp) of a sample site named "ExAir". If the script is called without having the proper DLL files running, it will cause the server CPU to increase to 100% usage.
http://[target]/iissamples/exair/search/advsearch.asp
Microsoft IIS 4.0 ExAir advsearch.asp Direct Request DoS
Microsoft IIS / Site Server showcode.asp source Variable Traversal Arbitrary File Access
1999-05-07 00:00:00
1970-01-01 00:00:00
1999-05-07 00:00:00
1
1
1
1
1
1
Microsoft Corporation
Site Server
3.0
Microsoft Corporation
Internet Information Server
4.0
1999-0736
1032
1033
1034
1035
1036
1037
k-068
http://www.microsoft.com/
MS99-013
10007
0167
232449
http://www.atstake.com/research/advisories/1999/showcode.txt
474
782
15749
1404
2381
Parcens
Microsoft has released a patch to address this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Remove the /IISSamples virtual directory when not needed. As a general rule, do not install sample scripts or sample applications on a production server.
Microsoft IIS and Site Server contains a flaw that allows a remote attacker to arbitrary access files outside of the web path. The issue is due to the 'showcode.asp' script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'source' variable.
http://[victim]/pathto/showcode.asp?source=../../../../../../boot.ini
Microsoft IIS 4.0 / Site Server 3.0 showcode.asp source Variable Traversal Arbitrary File Access