///////////////////////////////////////////////////////////////////////
========================>> Security Advisory <<========================
///////////////////////////////////////////////////////////////////////


-------------------------------------------------------------------- 
		Macromedia ColdFusion MX Cross site scripting vulnerability
--------------------------------------------------------------------

=> Author: Ory Segal, Sanctum Inc.

=> Release date: 18/06/2002 (vendor was notified at: 03/06/2002)

=> Vendor: Macromedia ( http://www.macromedia.com )

=> Product: 
        - Macromedia ColdFusion MX (ColdFusion Server version: 6.0.0.46617)
        - Notes: 
                 [1] The vulnerabilities were tested on the evaluation version.
                 [2] The ColdFusion server was tested on Win2K (SP2) + IIS/5.0
=> Severity: High

=> CVE candidate: Not assigned

=> Summary: 
        A "Cross Site Scripting" vulnerability exists when requesting a non-existent
        ".cfm" file.

=> Description:
        Macromedia's ColdFusion MX comes with a default 404 error page.
        This 404 error page presents the path of the file requested, and does not filter it
        for hazardous characters, which might be used for a cross site scripting attack. 
        For example, the following request will pop-up a message containing the current session
        cookies:

        http://CF_MX_SERVER/<script>alert(document.cookie)</script>.cfm 

=> Solution: Patch available from the vendor's web site at: 
             http://www.macromedia.com/v1/handlers/index.cfm?ID=23047

=> Workaround: 
        Change the default 404 error page associated with .cfm files, to your 
        own customized 404 error page.