| VID | 21011 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | ColdFusion Syntax Checker is a program distributed with ColdFusion to test CFML code written for older versions for compatibility with version 4. The program has a denial-of-service (DoS) vulnerability that can paralyze the system by making it use all available system resources. References: http://www.iss.net/security_center/static/1742.php |
| Recommendation | 1. Install the ColdFusion 4.0.1 Update from the Allaire web site. See References. 2. Obtain and install the appropriate ColdFusion Expression Evaluator Security Patch, available at http://www.allaire.com/handlers/index.cfm?ID=8727&Method=Full. 3. Users who do not wish to patch their systems should remove the applications from //CFDOCS/expeval (namely evaluate.cfm). |
| Related URL | CVE-1999-0923, CVE-1999-0924 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |