Adobe ColdFusion Cross Site Scripting and Session Fixation Vulnerabilities


Description   Multiple vulnerabilities have been identified in Adobe ColdFusion, which could be exploited by attackers to gain knowledge of sensitive information or gain elevated privileges.
The first issues are caused by multiple input validation errors when processing user-supplied data, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected site.
The second vulnerability is caused by an error when processing requests containing a double-encoded null character, which could lead to information disclosure.
The third issue is caused by an unspecified error which could allow session fixation attacks, leading to privilege escalation.
     
Vulnerable Products   Vulnerable Software:
Adobe ColdFusion version 8.0.1 and prior
     
Solution   Apply patches for ColdFusion 7.0.2 : http://download.macromedia.com/pub/coldfusion/updates/702/CFIDE-7.0.2.ziphttp://download.macromedia.com/pub/coldfusion/updates/702/CF7.0.2.ziphttp://download.macromedia.com/pub/coldfusion/updates/702/hf702-1875.jarhttp://download.macromedia.com/pub/coldfusion/updates/hf702-1878.jarhttp://download.macromedia.com/pub/coldfusion/updates/wsconfig.jarApply patches for ColdFusion 8 : http://download.macromedia.com/pub/coldfusion/updates/8/CFIDE-8.ziphttp://download.macromedia.com/pub/coldfusion/updates/8/CF8.ziphttp://download.macromedia.com/pub/coldfusion/updates/8/hf800-1875.jarhttp://download.macromedia.com/pub/coldfusion/updates/hf800-1878.jarhttp://download.macromedia.com/pub/coldfusion/updates/wsconfig.jarApply patches for ColdFusion 8.0.1 : http://download.macromedia.com/pub/coldfusion/updates/801/CFIDE-cf8.0.1.ziphttp://download.macromedia.com/pub/coldfusion/updates/801/CF8.0.1.ziphttp://download.macromedia.com/pub/coldfusion/updates/801/hf801-1875.jarhttp://download.macromedia.com/pub/coldfusion/updates/hf801-1878.jarhttp://download.macromedia.com/pub/coldfusion/updates/wsconfig.jar
     
CVE   CVE-2009-1878
CVE-2009-1877
CVE-2009-1876
CVE-2009-1875
CVE-2009-1872
     
References   http://www.adobe.com/support/security/bulletins/apsb09-12.html
http://www.dsecrg.ru/pages/vul/show.php?id=122
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL
3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL
3.2.0
XSS - Phishing : suspicious 'div' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL
3.2.0
XSS - Phishing : suspicious 'a' tag found in URL
3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL
3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL
3.2.0
XSS - Phishing : suspicious 'form' tag found in URL
3.2.0
XSS - Prevention - GET : javascript code found in URL
3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL
3.2.0
XSS - Phishing : suspicious 'link' tag found in URL
3.2.0
XSS - Prevention - GET : 'script' tag found in URL
3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL
3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL
3.2.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2009-08-17 

 Target Type 
Client 

 Possible exploit 
Local & Remote