Summary
A denial of service vulnerability exists within the Allaire ColdFusion web application server (version 4.5.1 and earlier) which allows an attacker to overwhelm the web server and deny legitimate web page requests.
By downloading and altering the login HTML form, an attacker can send overly large passwords (>40,0000 chars) to the server, causing it to stop responding.
Solution
Use HTTP basic authentication to restrict access to this page, or remove it entirely if remote administration is not a requirement. A patch should be available from Allaire (www.allaire.com).
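Where the login page has to stay reachable, a size check in front of the application keeps an oversized password field from ever reaching the server. The following is an added example, not code from this advisory or from Allaire: a WSGI middleware sketch in which the path `/admin/login` and both limits are assumptions chosen for illustration.

```python
import io
from urllib.parse import parse_qs

# Assumed limits and path for illustration; tune to the protected application.
MAX_BODY_BYTES = 4096        # a login form body has no reason to be larger
MAX_FIELD_CHARS = 128        # cap for any single form field, password included
LOGIN_PATH = "/admin/login"  # placeholder, not a path taken from the advisory

class LoginSizeGuard:
    """WSGI middleware that rejects oversized login POSTs before the app sees them."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if environ.get("REQUEST_METHOD") != "POST" or environ.get("PATH_INFO") != LOGIN_PATH:
            return self.app(environ, start_response)
        try:
            length = int(environ.get("CONTENT_LENGTH") or "")
        except ValueError:
            return self._reject(start_response, "411 Length Required")
        if length < 0 or length > MAX_BODY_BYTES:
            # Decided from the header alone: the large body is never read.
            return self._reject(start_response, "413 Payload Too Large")
        body = environ["wsgi.input"].read(length)
        fields = parse_qs(body.decode("latin-1"), keep_blank_values=True)
        if any(len(v) > MAX_FIELD_CHARS for vals in fields.values() for v in vals):
            return self._reject(start_response, "400 Bad Request")
        environ["wsgi.input"] = io.BytesIO(body)  # hand the body back to the app
        return self.app(environ, start_response)

    @staticmethod
    def _reject(start_response, status):
        start_response(status, [("Content-Type", "text/plain"), ("Content-Length", "0")])
        return [b""]

def demo_status(password_len):
    """Send a constructed login POST through the guard and return the status line."""
    body = ("username=admin&password=" + "A" * password_len).encode()
    environ = {"REQUEST_METHOD": "POST", "PATH_INFO": LOGIN_PATH,
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    seen = []
    def app(env, start_response):  # stand-in for the protected application
        start_response("200 OK", [])
        return [env["wsgi.input"].read()]
    LoginSizeGuard(app)(environ, lambda status, headers: seen.append(status))
    return seen[0]
```

The same two limits can be enforced at a reverse proxy instead; checking the declared length first means the large body is rejected without being buffered.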
Severity
Classification
- CVE: CVE-2000-0538
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P