Macromedia Apache Web Server Encoded-Space Script Source Disclosure Vulnerability

Published: 2003-07-08
Updated: 2003-07-08
Severity: Medium
Threat level: Remote unauthorized file access
Error type: Failure to handle exceptional conditions
Exploit method: Server mode
BUGTRAQ ID: 8136

Affected systems

Macromedia ColdFusion Server MX Profession

Detailed description

The implementation of Macromedia's ColdFusion MX and JRun 4.0 contains a vulnerability: when an attacker appends an encoded space to the URL of a request, the server discloses the source code of .cfm, .cfc, .cfml and .jsp scripts. An attacker may use this vulnerability to obtain sensitive information.

Solution

The vendor has provided patches:

Macromedia ColdFusion Server MX Professional: Macromedia Patch mpsb03-04.zip
http://download.macromedia.com/pub/security/mpsb03-04.zip

Macromedia ColdFusion Server MX Enterprise: Macromedia Patch mpsb03-04.zip
http://download.macromedia.com/pub/security/mpsb03-04.zip

Macromedia ColdFusion Server MX Developer: Macromedia Patch mpsb03-04.zip
http://download.macromedia.com/pub/security/mpsb03-04.zip

Macromedia JRun 3.0: Macromedia Patch mpsb03-04.zip
http://download.macromedia.com/pub/security/mpsb03-04.zip

Macromedia JRun 3.1: Macromedia Patch mpsb03-04.zip
http://download.macromedia.com/pub/security/mpsb03-04.zip

Macromedia JRun 4.0 SP1a: Macromedia Patch mpsb03-04.zip
http://download.macromedia.com/pub/security/mpsb03-04.zip

Macromedia JRun 4.0 SP1: Macromedia Patch mpsb03-04.zip
http://download.macromedia.com/pub/security/mpsb03-04.zip

Macromedia JRun 4.0: Macromedia Patch mpsb03-04.zip
http://download.macromedia.com/pub/security/mpsb03-04.zip

Related information

MPSB03-04 Patch for Apache 1.3.x, 2.0 View Source Vulnerability in ColdFusion MX
http://www.macromedia.com/devnet/security/security_zone/mpsb03-04.html
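
Added example (not part of the original advisory or of Macromedia's patch): a check over web server access logs for the request pattern in the description, a script URL whose path ends in an encoded space. It assumes the Apache common/combined log format; the sample lines are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Script extensions named in the advisory.
SCRIPT_EXTS = (".cfm", ".cfc", ".cfml", ".jsp")

# Assumed format: Apache common/combined access log.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>.+?) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [08/Jul/2003:10:00:01 +0000] "GET /index.cfm HTTP/1.0" 200 5120
198.51.100.7 - - [08/Jul/2003:10:00:05 +0000] "GET /login.jsp%20 HTTP/1.0" 200 2210
198.51.100.7 - - [08/Jul/2003:10:00:09 +0000] "GET /app/Order.CFC%20?x=1 HTTP/1.1" 404 312
192.0.2.10 - - [08/Jul/2003:10:00:12 +0000] "GET /docs/read%20me.html HTTP/1.0" 200 900
192.0.2.33 - - [08/Jul/2003:10:00:20 +0000] "GET /search.cfm?q=a%20 HTTP/1.1" 200 700
"""


def is_suspicious_target(target):
    """True if the URL path is a script name followed by encoded space(s)."""
    path = target.split("?", 1)[0]      # ignore the query string
    decoded = unquote(path)             # %20 -> " "
    stripped = decoded.rstrip(" ")
    if stripped == decoded:             # no trailing space after decoding
        return False
    return stripped.lower().endswith(SCRIPT_EXTS)


def find_hits(lines):
    """Return one record per log line that matches the advisory's pattern."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_suspicious_target(m.group("target")):
            hits.append({
                "host": m.group("host"),
                "target": m.group("target"),
                "status": int(m.group("status")),
                "size": m.group("size"),
            })
    return hits


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG.splitlines()):
        # A 200 with a body is the case to triage first: source may have been served.
        print(hit)
```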