0 Replies Latest reply on Jun 20, 2013 4:23 AM by winkelmann

    Coldfusion 8.01, Nessus Finding CVE-2002-0894

    winkelmann Level 1

      Hello;

      I have a problem with the security issue CVE-2002-0894 and CVE-2000-0681.

      We use CF 8.01 enterprise under windows server 2003 with IIS 6.0 Webserver.

       

      Our internal scans find an issue ServletExec 4.1 / JRUN ISAPI Multiple DoS.

      Description: By sending an overly long request for a .jsp file, it is possible to crash the remote web server. 



      This problem is known as the ServletExec / JRun ISAPI DoS.

      Download patch #9 from ftp://ftp.newatlanta.com/public/4_1/patches/

      See Also
http://www.westpoint.ltd.uk/advisories/wp-02-0006.txt

      No more infos.

      ------------------------------------------------------------------------------------------ -------

       

      But I can't find on the Adobe Websites or in in the CVE Database a direct link to Coldfusion or Adobe patches (ApsB xxx).

      No info, how to fix the finding or install the patch under cold fusion.

       

      Has anybody experiences with this topic CVE-2002-0894 and CVE-2000-0681 under coldfusion or could give me an advisory.

       

      thank's frank