• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

ColdFusion SandBox Security Bypass Vulnerability

ColdFusion is prone to a security-bypass vulnerability because the application fails to ensure that calls to ColdFusion Components (CFCs) are secure within a sandbox.

This issue allows local attackers to use the ColdFusion Markup Language (CFML) templates outside a sandbox to call CFCs within a sandbox.

The exact effects of exploiting this issue are currently unknown. Attackers may possibly exploit this issue to gain access to potentially sensitive information or to execute code that they are not intended to have access to. This may aid them in further attacks. Code execution has not been confirmed.