https://www.exploit-db.com/exploits/19996
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200006-028

AllaireColdFusion是一种流行的Web功能扩展软件包，可以运行在Windows、HP-UX、Linux等多种平台上。AllaireColdFusionv4.5.1及其以前版本在处理口令验证请求过程中存在一个安全漏洞，如果在管理员登录页面的口令域里输入超过40000个字符，CPU占用率将达到100%，进程挂起，造成拒绝服务攻击。登录页面表单默认会阻止你输入超过40000个字符，然而恶意用户可以下载页面到本地，修改后向ColdFusion服务器提交超过40000个字符。为了恢复正常功能，必须重启ColdFusion服务。管理员登录页面可以通过如下链接获得：http://www.target.com/cfide/administrator/index.cfm修改域尺寸和POSTaction，就允许提交超过40000个字符。

source: http://www.securityfocus.com/bid/1314/info

Due to a faulty mechanism in the password parsing implementation in authentication requests, it is possible to launch a denial of service attack against Allaire ColdFusion 4.5.1 or previous by inputting a string of over 40 000 characters to the password field in the Administrator login page. CPU utilization could reach up to 100%, bringing the program to halt. The default form for the login page would prevent such an attack. However, a malicious user could download the form locally to their hard drive, modify HTML tag fields, and be able to submit the 40 000 character string to the ColdFusion Server.

Restarting the application would be required in order to regain normal functionality.


The Administrator login page can be typically accessed via:
http://target/cfide/administrator/index.cfm

Modify the field size and POST action in the HTML tags to allow for the input of a character string consisting of over 40 000 characters.

来源:XF
名称:coldfusion-parse-dos
链接:http://xforce.iss.net/static/4611.php
来源:BID
名称:1314
链接:http://www.securityfocus.com/bid/1314
来源:ALLAIRE
名称:ASB00-14
链接:http://www.allaire.com/handlers/index.cfm?ID=16122&Method;=Full
来源:OSVDB
名称:3399
链接:http://www.osvdb.org/3399
来源:BUGTRAQ
名称:20000607NewAllaireColdFusionDoS
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=96045469627806&w;=2
来源：NSFOCUS
名称：585
链接：http://www.nsfocus.net/vulndb/585