Allaire ColdFusion CFCRYPT.EXE漏洞

漏洞信息详情

Allaire ColdFusion CFCRYPT.EXE漏洞

• CNNVD编号：CNNVD-200103-013
• 危害等级： 低危
  
  
• CVE编号：
  CVE-1999-0757
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2001-03-12
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  allaire
• 漏洞来源：
  This vulnerability…

加密CFML模板的ColdFusion CFCRYPT程序有弱的加密。攻击者解密该模板。

While SecurityFocus does not consider the following to be a sufficient solution, the Allaire Security Bulletin offers the following suggestion:
(Quoted verbatim from ASB99-08)
What Customers Should Do
In general, people using CFRYPT.EXE to hide source code should recognize that there is the possibility of pages being illegally decrypted. Customers who are creating commercial applications for redistribution or sale should include a license agreement that clearly states users are not authorized to decrypt encrypted pages. Organizations using CFCRYPT.EXE to protect code internally should recognize the risk that decoding may pose and adjust accordingly.

来源: XF
名称: coldfusion-encryption
链接:http://xforce.iss.net/static/2208.php

来源: ALLAIRE
名称: ASB99-08
链接:http://www.allaire.com/handlers/index.cfm?ID=10969&Method=Full