ColdFusion Web Application Server DoS Attack

· Overview ·
· Origins ·
· Operation ·
· Detection and Removal ·
· Research ·

Overview

Vendor Notes:

 Vulnerability within the Allaire ColdFusion web application server which allows an attacker to overwhelm the web server and deny legitimate web page requests.

Category:

DoS: An exploit whose purpose is to deny somebody the use of the service: namely to crash or hang a program or the entire system. Examples of DoS attacks include flooding the victim with more traffic than can be handled; flooding a service (like IRC) with more events than it can handle bomb; crashing a TCP/IP stack by sending corrupt packets; crashing a service by interacting with it in an unexpected way; or hanging a system by causing it to go into an infinite loop. For example, the Ping of Death exploit crashed machines by sending illegally fragmented packets at a victim. A common word for DoS is ""nuke"", which was first popularized by the WinNuke program.

Similar Pests:

 DoS

Origins

Author:

 Stuart McClure

Date of Origin:

 December, 2000

Operation

Storage Required:
  • ColdFusion Web Application Server DoS Attack: at least 5 KB
    		•

    Detection and Removal

    Automatic Removal:

    PestPatrol detects this.

    PestPatrol removes this.

    Manual Removal:

    		 Follow these steps to remove ColdFusion Web Application Server DoS Attack from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.
    Remove Files:

    Remove these files (if present) with Windows Explorer:

    Research

    File Analyses:

    More Info:
  • AllTheWeb, AltaVista, AOL Search, Ask Jeeves, Google, HotBot, Lycos, LookSmart, MSN, Yahoo!
    		•

    Research By:
  • PestPatrol's Pest Research Center
    		•

    Last Revised:

    		 June 27, 2004