Rule:

--
Sid:
917

--
Summary:
This even indicates an attempt to exploit undocumented CFML tags on a 
Allaire ColdFusion Server

--
Impact:
Extensive server data retrieval including settings and passwords

--
Detailed Information:
Undocumented CFML tags allow reading and decryption of sensitive data 
contained on servers running Allaire ColdFusion Server 2.0 - 4.0.1. This
data can be accesses by constructing a hosted application that accesses 
these undocumented tags with the possibility of changing values on the 
server and reading admin and studio passwords

--
Affected Systems:
	Allaire ColdFusion Server 2.0 - 4.0.1

--
Attack Scenarios:
A user with permission to create pages on the server installs an 
application that accesses the undocumented CFML tags, accessing this 
application would allow viewing and possible modifications of these 
settings

--
Ease of Attack:
Medium, Attackers need the ability to add files to the server. No "In 
the Wild" exploits were available at type of writing

--
False Positives:
None known

--
False Negatives:
None known

--
Corrective Action:
Apply the appropriate vendor supplied patches.

Upgrade to the latest non-affected version of the software.

--
Contributors:
Snort documentation contributed by matthew harvey <indexone@yahoo.com>
Original Rule Writer Unknown
Sourcefire Vulnerability Research Team
Nigel Houghton <nigel.houghton@sourcefire.com>

--
References:

--
