coldfusion mx 6.1 on iis file contents disclosure.plugin

全面网络扫描器VB源代码 很实用

<plugin_id>320</plugin_id>
<plugin_name>ColdFusion MX 6.1 on IIS File Contents Disclosure</plugin_name>
<plugin_family>Enumeration</plugin_family>
<plugin_created_date>2004/12/03</plugin_created_date>
<plugin_created_name>David Nester</plugin_created_name>
<plugin_created_email>david at icrew dot org</plugin_created_email>
<plugin_created_web>http://www.icrew.org</plugin_created_web>
<plugin_created_company>iCrew Security</plugin_created_company>
<plugin_updated_name>David Nester</plugin_updated_name>
<plugin_updated_email>david at icrew dot org</plugin_updated_email>
<plugin_updated_web>http://www.icrew.org/</plugin_updated_web>
<plugin_updated_company>iCrew Security</plugin_updated_company>
<plugin_updated_date>2004/12/05</plugin_updated_date>
<plugin_version>1.5</plugin_version>
<plugin_protocol>tcp</plugin_protocol>
<plugin_port>80</plugin_port>
<plugin_procedure_detection>open|send HEAD / HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# ### *Microsoft-IIS/4.0* OR HTTP/#.# ### *Microsoft-IIS/5.[0-1]* OR HTTP/#.# ### *Microsoft-IIS/6.0*</plugin_procedure_detection>
<plugin_detection_accuracy>80</plugin_detection_accuracy>
<plugin_comment>This plugin was written with the ATK Attack Editor.</plugin_comment>
<bug_published_web>http://www.macromedia.com/software/coldfusion/</bug_published_web>
<bug_published_date>2004/10/05</bug_published_date>
<bug_produced_name>Macromedia Cold Fusion</bug_produced_name>
<bug_produced_web>http://www.macromedia.com/software/coldfusion/</bug_produced_web>
<bug_not_affected>Other versions or solutions</bug_not_affected>
<bug_vulnerability_class>Configuration</bug_vulnerability_class>
<bug_description>ColdFusion is a web application programming language used to deliver dynamic web content and web services. An input validation error has been discovered in the way the ColdFusion MX server parses file type extensions. By supplying an invalid extension an attacker may be able to view previously restricted files on the web server.</bug_description>
<bug_solution>Apply the latest security patch from the vendor.  http://www.macromedia.com/software/coldfusion/</bug_solution>
<bug_fixing_time>Approx. 1 hour</bug_fixing_time>
<bug_exploit_availability>No</bug_exploit_availability>
<bug_remote>Yes</bug_remote>
<bug_local>No</bug_local>
<bug_severity>Medium</bug_severity>
<bug_popularity>6</bug_popularity>
<bug_simplicity>1</bug_simplicity>
<bug_impact>5</bug_impact>
<bug_risk>6</bug_risk>
<source_literature>Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427</source_literature>
<source_misc>http://www.macromedia.com/software/coldfusion/</source_misc>