CVE-2006-2310 - Denial Of Service vulnerability in BlueDragon Server .CFM Files
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
BlueDragon Server and Server JX 6.2.1.286 for Windows allow remote attackers to cause a denial of service (hang) via a request for a .cfm file whose name contains an MS-DOS device name such as (1) con, (2) aux, (3) com1, and (4) com2. This vulnerability is addressed in the following product release: New Atlanta Communications, BlueDragon Server, 6.2.1.309
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Exploit-Db
description | BlueDragon Server 6.2.1 .CFM Files Denial Of Service Vulnerability. CVE-2006-2310. DoS exploit for cfm platform |
id | EDB-ID:28100 |
last seen | 2016-02-03 |
modified | 2006-06-23 |
published | 2006-06-23 |
reporter | Tan Chew Keong |
source | https://www.exploit-db.com/download/28100/ |
title | BlueDragon Server 6.2.1 - .cfm Denial of Service Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | BLUEDRAGON_621.NASL |
description | The remote host is running BlueDragon Server / Server JX, Java-based servers for stand-alone deployment of CFML (ColdFusion Markup Language) pages. The version of BlueDragon Server / Server JX installed on the remote host fails to sanitize user-supplied input passed as part of the filename before using it in a dynamically-generated error page. An unauthenticated attacker can exploit this issue to execute arbitrary HTML and script code in a user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21748 |
published | 2006-06-23 |
reporter | This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/21748 |
title | BlueDragon 6.2.1 Multiple Remote Vulnerabilities (XSS, DoS) |