Adobe ColdFusion Multiple Cross-Site Scripting and Invalid Logging Vulnerabilities

Adobe ColdFusion MX 7.02
Adobe ColdFusion MX 7.01
Adobe ColdFusion MX 7.00
Adobe ColdFusion 8
BUGTRAQ ID: 28205,28207
CVE(CAN) ID: CVE-2008-0643,CVE-2008-0644,CVE-2008-1203

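ColdFusion MX is an efficient web application server development environment with high ease of use and development efficiency. It is based on standard Java technology and can integrate with XML, Web Services, and Microsoft .NET environments.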


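ColdFusion returns certain CGI variables to the user without properly filtering them. This allows a remote attacker to conduct cross-site scripting attacks by tampering with the User Agent, injecting and executing arbitrary HTML and script code in the user's browser session.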
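The flaw class described above, as an added example that is not ColdFusion's code or part of the original advisory: a page that echoes CGI variables unfiltered next to an output-encoded version, plus a log check that flags User-Agent values carrying markup. The function names, sample variables, and log lines are constructed for illustration, and the log format is assumed to be Combined Log Format.

```python
import html
import re

# Constructed sample: CGI-style variables as a server would expose them.
SAMPLE_CGI = {
    "REQUEST_METHOD": "GET",
    "HTTP_USER_AGENT": 'Mozilla/5.0 "><script>alert(1)</script>',
}

def render_unsafe(cgi):
    """Flawed pattern from the advisory: values are echoed without filtering."""
    rows = "".join(f"<tr><td>{k}</td><td>{v}</td></tr>" for k, v in cgi.items())
    return f"<table>{rows}</table>"

def render_safe(cgi):
    """Hardened form: HTML-encode names and values at the point of output."""
    rows = "".join(
        f"<tr><td>{html.escape(k)}</td><td>{html.escape(v, quote=True)}</td></tr>"
        for k, v in cgi.items()
    )
    return f"<table>{rows}</table>"

# Assumed Combined Log Format: the User-Agent is the last quoted field,
# with embedded quotes written as \" by the web server.
UA_FIELD = re.compile(r'"(?P<ua>(?:[^"\\]|\\.)*)"\s*$')
# Raw or encoded angle brackets have no place in a legitimate User-Agent.
MARKUP = re.compile(r'[<>]|\\x3c|%3c', re.IGNORECASE)

def flag_user_agents(log_lines):
    """Return (line_number, user_agent) for UAs carrying markup characters."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = UA_FIELD.search(line)
        if m and MARKUP.search(m.group("ua")):
            hits.append((n, m.group("ua")))
    return hits

# Constructed access-log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2008:10:00:01 +0000] "GET /index.cfm HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows; U)"',
    '192.0.2.77 - - [12/Mar/2008:10:00:05 +0000] "GET /index.cfm HTTP/1.1" 500 901 "-" "Mozilla/5.0 \\"><script>alert(1)</script>"',
]

if __name__ == "__main__":
    print(render_safe(SAMPLE_CGI))
    print(flag_user_agents(SAMPLE_LOG))
```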


<*Source: Shigeyoshi Muraoka







1. One day life at campus

2. An interesting thing I remembered at campus


An interesting thing I remembered at campus

        The interesting thing I remembered at campus is watching “The Lord of the Ring”.

        It happened when I was in grade one in the college. I was a new student on the campus. I was curious about everything. New students didn’t need to do many things, so I always had a lot of spare time. Occasionally, I saw a notice that said the movie “The Lord of the Ring” was being shown every Sunday night from 19:00 to 22:00. I went there on time.

        It was surprising that there were only a couple of students. I thought that there would be so many students that I would have to sit at the back. I took my seat in the front. The movie had already begun. What impressed me was not the movie, but the environment. I had watched the movie on TV before. It was a good movie that I still like. But the environment really gave me more than I expected. The silent room, few people, gloomy light, the big screen and the perfect sound effects. It brought me into the middle land and into the legend.

        I enjoyed it and went there every Sunday night. It never let me down. Till now, I still cannot forget that environment. It has been stored in my brain like a brilliant work of art.