TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
243
based, server scripting language that is ideal for programming web applications. The ColdFusion Markup
Language(CFML) cleanly integrates with HTML(Hyper Text Markup Language) for user interface and XML for data
exchange. ColdFusion(ColdFusion version 4.0, and 4.0.1) uses a CFCACHE tag. When the CFCACHE tag is used in
CFM page, it creates temprory files and also creates a cfcache.map files(which contains pointers to the .tmpfiles
including absolute pathnames, timestamps, and other URL information) with in the web document root, allowing
remote attacker to obtain sensitive system information. Upgrade to the latest version of ColdFusion(4.5 or later),
available at vendor's website.
Signature ID: 1808
WEB-COLDFUSION datasource Vulnerability
Threat Level: Information
Industry ID: CVE-1999-0760 Bugtraq: 550
Signature Description: ColdFusion is a programming language based on standard HTML(Hyper Text Markup
Language) that is used to creating and serving web-based applications that interact with back-end databases. Web pages
that interact with ColdFusion application servers have a .cfm file extension. ColdFusion Web pages include tags written
in Cold Fusion Markup Language(CFML). ColdFusion(ColdFusion versions 3.x and 4.x) server include undocumented
CFML(ColdFusion Markup Language) tags and functions that are used in the ColdFusion Administrator. The
undocumented CFUSION_ISCOLDFUSIONDATASOURCE() function, could be used by an attacker to Verifies a
connection to a ColdFusion data source.
Signature ID: 1809
WEB-COLDFUSION datasource password Vulnerability
Threat Level: Information
Industry ID: CVE-1999-0760 Bugtraq: 550
Signature Description: ColdFusion is a programming language based on standard HTML(Hyper Text Markup
Language) that is used to creating and serving web-based applications that interact with back-end databases. Web pages
that interact with ColdFusion application servers have a .cfm file extension. ColdFusion Web pages include tags written
in Cold Fusion Markup Language(CFML). ColdFusion(ColdFusion versions 3.x and 4.x) server include undocumented
CFML(ColdFusion Markup Language) tags and functions that are used in the ColdFusion Administrator. The
undocumented CFUSION_SETDATASOURCEPASSWORD() function, could be used by an attacker to Sets the
default password for the ColdFusion data source.
Signature ID: 1810
WEB-COLDFUSION datasource username vulnerability
Threat Level: Information
Industry ID: CVE-1999-0760 Bugtraq: 550
Signature Description: ColdFusion is a programming language based on standard HTML(Hyper Text Markup
Language) that is used to creating and serving web-based applications that interact with back-end databases. Web pages
that interact with ColdFusion application servers have a .cfm file extension. ColdFusion Web pages include tags written
in Cold Fusion Markup Language(CFML). ColdFusion(ColdFusion versions 3.x and 4.x) server include undocumented
CFML(ColdFusion Markup Language) tags and functions that are used in the ColdFusion Administrator. The
undocumented CFUSION_SETDATASOURCEUSERNAME() function, could be used by an attacker to Sets the
default user name for a ColdFusion data source.
Signature ID: 1811
WEB-COLDFUSION db connections flush vulnerability
Threat Level: Information
Industry ID: CVE-1999-0760 Bugtraq: 550
Signature Description: ColdFusion is a programming language based on standard HTML(Hyper Text Markup
Language) that is used to creating and serving web-based applications that interact with back-end databases. Web pages