922.txt

snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具

SID:
922
--

Rule:
--

Summary:
This even indicates an attempt to exploit undocumented CFML tags on a 
Allaire ColdFusion Server
--

Impact:
Extensive server data retrieval including settings and passwords
--

Detailed Information:
Undocumented CFML tags allow reading and decryption of sensitive data 
contained on servers running Allaire ColdFusion Server 2.0 - 4.0.1. This
data can be accesses by constructing a hosted application that accesses 
these undocumented tags with the possibility of changing values on the 
server and reading admin and studio passwords
--

Affected Systems:
	Allaire ColdFusion Server 2.0 - 4.0.1
--

Attack Scenarios:
A user with permission to create pages on the server installs an 
application that accesses the undocumented CFML tags, accessing this 
application would allow viewing and possible modifications of these 
settings
--

Ease of Attack:
Medium, Attackers need the ability to add files to the server. No "In 
the Wild" exploits were available at type of writing
--

False Positives:
None known
--

False Negatives:
None known
--

Corrective Action:
Patches are available from Allaire, install them.
--

Contributors:
Snort documentation contributed by matthew harvey <indexone@yahoo.com>
Original Rule Writer Unknown
Sourcefire Research Team
Nigel Houghton <nigel.houghton@sourcefire.com>

--
References:

--