VID |
21921 |
Severity |
30 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
BlueDragon is a server-side product for the deployment of CFML (ColdFusion Markup Language) pages. BlueDragon Server versions 6.2.1.286 and earlier contain two vulnerabilities that remote attackers could exploit to cause a denial of service (DoS) or to conduct cross-site scripting (XSS) attacks.
1) An error in the handling of HTTP requests whose path combines an MS-DOS device name (CON, PRN, AUX, NUL, COM1-COM9, LPT1-LPT9) with a ".cfm" or ".cfml" file extension could be exploited by remote attackers to make the service stop responding to requests for ".cfm" and ".cfml" files.
2) An error in the handling of malformed URLs when displaying the default error page could be exploited by remote attackers to have arbitrary script code executed in a user's browser in the security context of the affected web site (reflected XSS).
* References:
  http://secunia.com/advisories/19180
  http://www.frsirt.com/english/advisories/2006/2502
* Platforms Affected:
  BlueDragon Server for Windows versions 6.2.1.286 and earlier
  BlueDragon Server JX for Windows versions 6.2.1.286 and earlier
  Microsoft Windows Any version |
Recommendation |
Upgrade to BlueDragon 6.2.1.309 or later, available from the BlueDragon FTP page at ftp://ftp.newatlanta.com/public/bluedragon/6_2_1_302/patches/309/ |
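The two checks a practitioner would want from this entry are a version triage against the affected/fixed builds named above and a way to spot the device-name ".cfm" requests behind issue 1 in web server logs. The script below is an added example written for this page; it is not New Atlanta's code nor the scanner's own check. It assumes Apache-style access log lines (the sample lines are constructed, not captured) and encodes the stated boundaries only: builds at or below 6.2.1.286 are reported as affected, builds at or above 6.2.1.309 as fixed, and anything in between as unknown because the advisory does not cover it. The device-name match goes slightly beyond the text in one respect: it mirrors how Windows resolves a file name, comparing the part of the base name before the first "." or ":" against the reserved list, so "con.foo.cfm" and URL-encoded forms are also flagged.

```python
"""Checks derived from the BlueDragon advisory above (added example, not
vendor or scanner code). Sample log lines are constructed for illustration."""
import re
from urllib.parse import unquote, urlsplit

# MS-DOS reserved device names. Windows resolves "<name>.<anything>" to the
# device itself, which is what makes a request for e.g. /AUX.cfm dangerous.
DEVICE_NAMES = (
    {"con", "prn", "aux", "nul"}
    | {f"com{i}" for i in range(1, 10)}
    | {f"lpt{i}" for i in range(1, 10)}
)
CFML_EXTENSIONS = {"cfm", "cfml"}

LAST_AFFECTED = (6, 2, 1, 286)  # "versions 6.2.1.286 and earlier"
FIRST_FIXED = (6, 2, 1, 309)    # "upgrade to 6.2.1.309 or later"


def parse_version(text: str) -> tuple:
    """Turn a dotted version string such as '6.2.1.286' into a comparable tuple."""
    return tuple(int(part) for part in text.strip().split("."))


def version_status(text: str) -> str:
    """Classify a BlueDragon build against the boundaries the advisory states."""
    version = parse_version(text)
    if version <= LAST_AFFECTED:
        return "affected"
    if version >= FIRST_FIXED:
        return "fixed"
    return "unknown"  # builds between .286 and .309 are not covered by the advisory


def is_device_cfml_request(path: str) -> bool:
    """True if the request path names a .cfm/.cfml file whose base name is an
    MS-DOS device (the trigger for issue 1 above)."""
    name = unquote(urlsplit(path).path).rsplit("/", 1)[-1]
    if "." not in name:
        return False
    ext = name.rsplit(".", 1)[-1].lower()
    if ext not in CFML_EXTENSIONS:
        return False
    # Windows compares the text before the first '.' or ':' (trailing spaces
    # ignored) against the reserved device list; do the same here.
    stem = re.split(r"[.:]", name, maxsplit=1)[0].rstrip(" ").lower()
    return stem in DEVICE_NAMES


# Request line inside an Apache common/combined log entry: "GET /path HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/\d\.\d"')


def flag_log_lines(lines):
    """Return (line_number, request_path) for every log line that requests an
    MS-DOS device name with a CFML extension."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and is_device_cfml_request(match.group(1)):
            hits.append((number, match.group(1)))
    return hits


# Constructed sample access log (not real traffic). Lines 2 and 3 should be flagged.
SAMPLE_LOG = [
    '203.0.113.5 - - [13/Mar/2006:10:01:02 +0000] "GET /index.cfm HTTP/1.1" 200 5120',
    '203.0.113.5 - - [13/Mar/2006:10:01:09 +0000] "GET /AUX.cfm HTTP/1.1" 500 312',
    '203.0.113.5 - - [13/Mar/2006:10:01:15 +0000] "GET /app/%63on.cfml?id=1 HTTP/1.1" 500 312',
    '198.51.100.7 - - [13/Mar/2006:10:02:00 +0000] "GET /com1.txt HTTP/1.1" 404 210',
    '198.51.100.7 - - [13/Mar/2006:10:02:30 +0000] "GET /lpt10.cfm HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for build in ("6.2.1.286", "6.2.1.300", "6.2.1.309"):
        print(f"BlueDragon {build}: {version_status(build)}")
    for number, path in flag_log_lines(SAMPLE_LOG):
        print(f"line {number}: device-name CFML request {path}")
```

Run it against your own access log by replacing SAMPLE_LOG with the file's lines; a hit is a reason to confirm the server build with version_status and apply the upgrade in the Recommendation. Note that LPT10 is correctly not flagged: only LPT1 through LPT9 and COM1 through COM9 are reserved.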
Related URL |
CVE-2006-2310,CVE-2006-2311 (CVE) |
Related URL |
18623,18624 (SecurityFocus) |
Related URL |
27338,27341 (ISS) |