0 Replies Latest reply on Apr 14, 2008 8:21 AM by SilentBob'secretfusion

    Moderate Security Problem: Coldfusion 8

    SilentBob'secretfusion Level 1
      Does anyone know if this effects Coldfusion 7?



      Title : Adobe ColdFusion CFC Methods Access Level Bypass Vulnerability
      Advisory ID : FrSIRT/ADV-2008-1157
      CVE ID : CVE-2008-1656
      Rated as : Moderate Risk
      Remotely Exploitable : Yes
      Locally Exploitable : Yes
      Release Date : 2008-04-09

      Advisory Details

      Affected Products
      Technical Description Receive FrSIRT alerts in a Text format Receive FrSIRT alerts in a PDF format Receive FrSIRT alerts in an XML format Receive FrSIRT notifications by SMS

      A vulnerability has been identified in Adobe ColdFusion, which could be exploited by attackers to bypass security restrictions. This issue is caused by an error in the CFC methods that can be invoked from Flex 2 remoting even if the access level is set to "public", which could be exploited by a malicious user to access functions not intended for remote use by the developer.