Vulnerabilities > CVE-2000-0538 - Unspecified vulnerability in Allaire Coldfusion Server

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
allaire
nessus
exploit available

Summary

ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password.

Exploit-Db

description: ColdFusion Server 2.0/3.x/4.x Administrator Login Password DoS Vulnerability. CVE-2000-0538. DoS exploits for multiple platforms
id: EDB-ID:19996
last seen: 2016-02-02
modified: 2000-06-07
published: 2000-06-07
reporter: Stuart McClure
source: https://www.exploit-db.com/download/19996/
title: ColdFusion Server 2.0/3.x/4.x - Administrator Login Password DoS Vulnerability

Nessus

NASL family: CGI abuses
NASL id: COLD_FUSION_ADMIN_DOS.NASL
description: A denial of service vulnerability exists within the Allaire ColdFusion web application server (version 4.5.1 and earlier) which allows an attacker to overwhelm the web server and deny legitimate web page requests. By downloading and altering the login HTML form, an attacker can send overly large passwords (>40,0000 chars) to the server, causing it to stop responding.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 10581
published: 2000-12-19
reporter: This script is Copyright (C) 2000-2018 Matt Moore
source: https://www.tenable.com/plugins/nessus/10581
title: Cold Fusion Administration Page Overflow DoS
code
#
# This script was written by Matt Moore <[email protected]>
# Update - 13.9.01 - Felix Huber <[email protected]>
#
# See the Nessus Scripts License for details
#


include("compat.inc");

if (description)
{
  # Registration phase: this branch only declares plugin metadata, and the
  # exit(0) at its end returns before any request is sent to the target.

  # Identity and cross-references: plugin id, CVE and Bugtraq id.
  script_id(10581);
  script_version("1.29");
  script_cve_id("CVE-2000-0538");
  script_bugtraq_id(1314);

  script_name(english:"Cold Fusion Administration Page Overflow DoS");

  # Report text shown to the operator. The string bodies are kept exactly as
  # published, including their line breaks.
  script_set_attribute(attribute:"synopsis", value:
"The remote web application server is affected by a denial of service
vulnerability.");
  # NOTE(review): ">40,0000 chars" below looks like a digit-grouping typo;
  # confirm the intended threshold against the advisory linked in see_also.
  script_set_attribute(attribute:"description", value:
"A denial of service vulnerability exists within the Allaire ColdFusion
web application server (version 4.5.1 and earlier) which allows an 
attacker to overwhelm the web server and deny legitimate web page 
requests.

By downloading and altering the login HTML form, an attacker can send 
overly large passwords (>40,0000 chars) to the server, causing it to
stop responding.");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2000/Jun/109");
  # Remediation: put the administrator page behind authentication or take it
  # off the server when remote administration is not needed.
  script_set_attribute(attribute:"solution", value:
"Use HTTP basic authentication to restrict access to this page or
remove it entirely if remote administration is not a requirement.");

  # CVSS v2 base vector: network reachable, low complexity, no authentication,
  # no confidentiality or integrity impact, partial availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  # CVSS v2 temporal vector: exploitability unproven, official fix available,
  # report confirmed.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");

  script_set_attribute(attribute:"plugin_publication_date", value:"2000/12/19");
  script_set_attribute(attribute:"vuln_publication_date", value:"2000/06/07");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_summary(english:"Checks for the presence of /cfide/administrator/index.cfm");

  # NOTE(review): registered as ACT_ATTACK although the check after this block
  # only issues one GET and never submits a password; confirm the category is
  # the intended one.
  script_category(ACT_ATTACK);

  script_copyright(english:"This script is Copyright (C) 2000-2020 Matt Moore");
  script_family(english:"CGI abuses");

  # Plugins listed as dependencies, and the ports (a detected web service or
  # port 80) this plugin declares it needs.
  script_dependencie("http_version.nasl", "find_service1.nasl", "no404.nasl");
  script_require_ports("Services/www", 80);
  exit(0);
}

# Check starts here

include("http_func.inc");
include("http_keepalive.inc");

# Pick the web port to test, defaulting to 80.
port = get_http_port(default:80, embedded:TRUE);

if (get_port_state(port))
{
  # The original author notes that the upper-case CFIDE path also works on
  # ColdFusion for Linux.
  admin_page = "/CFIDE/administrator/index.cfm";
  request = http_get(item:admin_page, port:port);
  response = http_keepalive_send_recv(port:port, data:request);

  # This is a presence test only: no password is submitted, so a finding means
  # the administrator login page answered, not that the denial of service was
  # reproduced. Patched or otherwise unaffected installs that still serve the
  # page can therefore be reported; verify the product version before acting.
  if ("PasswordProvided" >< response)
  {
    # "PasswordProvided" appears to be a field of the login form; pages that
    # also contain "cf50" are skipped, presumably because that marks a
    # ColdFusion 5.0 page outside the affected range (TODO confirm).
    if ("cf50" >!< response)
      security_warning(port);
  }
}