VID 22215
Severity 30
Port 80, ...
Protocol TCP
Class WWW
Detailed Description The ColdFusion MX Server has multiple vulnerabilities via the RDS service.
ColdFusion RDS allows developers to securely access remote files and data sources, and debug CFML code. Developers can use RDS through ColdFusion Studio, Homesite+, and Dreamweaver MX to access files and databases on a remote ColdFusion development server using an HTTP connection. When properly configured, RDS requires a (static) password to authenticate the remote developer.
The first vulnerability (1) is that a remote user can reconfigure an affected website's properties to access (put and get) any file on the ColdFusion server. The second vulnerability (2) is that, by default, RDS does not require a password for authentication (null password). Therefore, anyone with an RDS-compatible development application can attach to a ColdFusion server running RDS, authenticate with a blank password, and own the box. The third vulnerability (3) is that when the RDS password is set, it is sent over the wire in clear text.

* References:
http://sec.angrypacket.com/advisories/0006_AP.CF-rds-dump.txt
http://www.securitytracker.com/alerts/2003/Jul/1007124.html

* Platforms Affected:
Macromedia ColdFusion Server MX Professional
Macromedia ColdFusion Server MX Enterprise
Macromedia ColdFusion Server MX Developer
Macromedia ColdFusion Server MX 6.0
Microsoft Windows Any version
Recommendation No patch or upgrade available as of June 2014.
Related URL (CVE)
Related URL 8109,8110 (SecurityFocus)
Related URL 12569 (ISS)