ColdFusion 10.0  -  Feature 3517498

Created on Monday, March 11, 2013

Title

cflogin - errors with bad input

Description

I've now seen cflogin throw an error twice w/ bad input at - I believe - the cookie level. Here is a report from one user:

http://www.raymondcamden.com/forums/messages.cfm?threadid=C60102CA-9221-2FD6-A3CEDCAA37CDBF73&page=1&

Another one is an array error:

java.lang.ArrayIndexOutOfBoundsException: 1
    at coldfusion.security.SecurityManager.parseAuthInfo(SecurityManager.java:2677)
    at coldfusion.tagext.security.AuthenticateTag.parseAuthUpdate(AuthenticateTag.java:358)
    at coldfusion.tagext.security.AuthenticateTag.doStartTag(AuthenticateTag.java:329)
    at cfApplication2ecfm752727542.runPage(C:\inetpub\wwwroot\Forta Forums\Application.cfm:93)
    at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:244)
    at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:444)
    at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65)
    at coldfusion.filter.CfincludeFilter.include(CfincludeFilter.java:33)
    at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:346)
    at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)
    at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40)
    at coldfusion.filter.PathFilter.invoke(PathFilter.java:112)
    at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:94)
    at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
    at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38)
    at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46)
    at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
    at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
    at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62)
    at coldfusion.CfmServlet.service(CfmServlet.java:219)
    at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(

At the end of the day, these smell like someone trying to hack, but cflogin shouldn't throw these exceptions.

Test Configuration

My Hardware and Environment details:

App Language(s) English
OS Language(s) English
Platform(s) Platforms All
Browser(s)

Notes (0)

Duplicate ID
Reported By cfjedimaster

Status

State Closed
Status Fixed
Reason

Importance

Priority 0-Unknown
Frequency Some users will encounter
Failure Type Unspecified
Product Area Security

Build

Found In Build Final
Fixed In Build 284476

Attachments (0)

No Files Attached

Votes (0)
