Vulnerability Name:

CCN-5755

Published: 2000-12-08
Updated: 2000-12-08
Summary: ColdFusion is vulnerable to a denial of service attack if the search engine sample script is installed. If the directories on the server are not indexed, the search engine script calls a separate indexing script to index directories on the server. An attacker can directly request this indexing script from a Web browser to consume 100% of the CPU resources after multiple requests are made. This could cause the server to stop accepting any new Web requests. The service must be stopped and restarted to regain normal functionality.
CVSS v3 Severity: 7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Consequences: Denial of Service
References: Source: CCN
Type: BugTraq Mailing List, Fri Dec 08 2000 - 08:56:59 CST
ColdFusion Denial of Service vulnerability in sample script

Source: CCN
Type: Macromedia Technote 16258
Security Best Practice: Removing Sample Applications and Online Documentation from Production Servers

Source: CCN
Type: BID-2094
Allaire ColdFusion Sample Script DoS Vulnerability

Source: XF
Type: UNKNOWN
coldfusion-sample-dos(5755)

Vulnerable Configuration: Configuration CCN 1:
  • cpe:/a:macromedia:coldfusion:4.5.1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    macromedia coldfusion 4.5.1