Allaire ColdFusion远程文件的显示，删除，上传和执行漏洞

漏洞信息详情

Allaire ColdFusion远程文件的显示，删除，上传和执行漏洞

• CNNVD编号：CNNVD-199912-084
• 危害等级： 高危
  
  
• CVE编号：
  CVE-1999-0455
  
• 漏洞类型：
  
  
  其他
  
• 发布时间：
  
  1999-12-25
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  allaire
• 漏洞来源：
  rain.forest.puppy …

ColdFusion中的表达式计算器示例应用程序存在漏洞，远程攻击者利用该漏洞通过exprcalc.cfm读取或删除服务器上的文件。exprcalc.cfm可以正确的无限制的访问服务器的。

Use one of the following solutions:
1. Remove the documentation directory (CFDOCS) from the server (this will not affect functionality of the server).
2. Install the ColdFusion Server 4.0.1 Update, available for download from the DevCenter:
http://www.allaire.com/developer
(Note the 4.0.1 Update requires ColdFusion Server 4.0.)
3: For versions of ColdFusion prior to 4.0, Allaire has released a patch that requires requests for the .cfm files in question to originate from the local host in order to be processed.
Allaire ColdFusion Server 2.0

• Allaire cfexpreval.exeFor Windows NT.
  
  http://download.allaire.com/patches/coldfusion/cfexpreval.exe
• Allaire cfexpreval.tar.ZFor Solaris.
  
  http://download.allaire.com/patches/coldfusion/cfexpreval.tar.Z

Allaire ColdFusion Server 3.0

• Allaire cfexpreval.exeFor Windows NT.
  
  http://download.allaire.com/patches/coldfusion/cfexpreval.exe
• Allaire cfexpreval.tar.ZFor Solaris.
  
  http://download.allaire.com/patches/coldfusion/cfexpreval.tar.Z

Allaire ColdFusion Server 3.0.1

• Allaire cfexpreval.exeFor Windows NT.
  
  http://download.allaire.com/patches/coldfusion/cfexpreval.exe
• Allaire cfexpreval.tar.ZFor Solaris.
  
  http://download.allaire.com/patches/coldfusion/cfexpreval.tar.Z

Allaire ColdFusion Server 3.1

• Allaire cfexpreval.exeFor Windows NT.
  
  http://download.allaire.com/patches/coldfusion/cfexpreval.exe
• Allaire cfexpreval.tar.ZFor Solaris.
  
  http://download.allaire.com/patches/coldfusion/cfexpreval.tar.Z

Allaire ColdFusion Server 3.1.1

• Allaire cfexpreval.exeFor Windows NT.
  
  http://download.allaire.com/patches/coldfusion/cfexpreval.exe
• Allaire cfexpreval.tar.ZFor Solaris.
  
  http://download.allaire.com/patches/coldfusion/cfexpreval.tar.Z

Allaire ColdFusion Server 3.1.2

• Allaire cfexpreval.exeFor Windows NT.
  
  http://download.allaire.com/patches/coldfusion/cfexpreval.exe
• Allaire cfexpreval.tar.ZFor Solaris.
  
  http://download.allaire.com/patches/coldfusion/cfexpreval.tar.Z

Allaire ColdFusion Server 4.0

• Allaire cfexpreval.exeFor Windows NT.
  
  http://download.allaire.com/patches/coldfusion/cfexpreval.exe
• Allaire cfexpreval.tar.ZFor Solaris.
  
  http://download.allaire.com/patches/coldfusion/cfexpreval.tar.Z

来源: BID
名称: 115
链接:http://www.securityfocus.com/bid/115