Using both 5.5.1 and 5.5.2 I've found an issue when my site is scanned for vulnerabilities. Invalid fuseactions attempt to create a corresponding parsed file and this can trigger secondary "invalid filename" errors when invalid characters are passed in the URL string. Here is a sample query string that my external security scanner attempted:
fuseaction=user.loginPost1111111111111%20UNION%20SELECT%20CHAR(45,120,49,45,81,45),CHAR(45,120,50,45,81,45),CHAR(45,120,51,45,81,45),CHAR(45,120,52,45,81,45),CHAR(45,120,53,45,81,45),CHAR(45,120,54,45,81,45),CHAR(45,120,55,45,81,45),CHAR(45,120,56,45,81,45),CHAR(45,120,57,45,81,45),CHAR(45,120,49,48,45,81,45)%20--%20%20/*
This throws an "Invalid CFML construct found on line 14 at column 251" exception.
Suggested fix: Invalid fuseactions should short-circuit the parsed file creation and simply trigger the invalid fuseaction exception.
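The suggested fix, sketched as an added example (not Fusebox's own code and not part of the original report): the fuseaction is checked for syntax and existence before any parsed file name is derived from it. The function name, the "example.invalidFuseaction" exception type, the shape of the lookup struct and the parsed file naming are all assumptions made for illustration.

```cfml
<!--- Added example; resolveFuseaction and "example.invalidFuseaction" are hypothetical names. --->
<cffunction name="resolveFuseaction" returntype="struct" output="false">
    <cfargument name="rawFuseaction" type="string" required="true">
    <!--- Assumed shape: known[circuitAlias][fuseactionName] = true --->
    <cfargument name="known" type="struct" required="true">
    <cfset var circuit = "">
    <cfset var action = "">
    <cfset var result = structNew()>

    <!--- 1. Syntax: exactly circuit.fuseaction, identifier characters only. --->
    <cfif NOT reFind("^[A-Za-z_][A-Za-z0-9_]*\.[A-Za-z_][A-Za-z0-9_]*$", arguments.rawFuseaction)>
        <cfthrow type="example.invalidFuseaction" message="Invalid fuseaction">
    </cfif>
    <cfset circuit = listFirst(arguments.rawFuseaction, ".")>
    <cfset action = listLast(arguments.rawFuseaction, ".")>

    <!--- 2. Existence: the pair must be declared by the application. --->
    <cfif NOT structKeyExists(arguments.known, circuit)
          OR NOT structKeyExists(arguments.known[circuit], action)>
        <cfthrow type="example.invalidFuseaction" message="Invalid fuseaction">
    </cfif>

    <!--- 3. Only validated parts reach the file name (naming scheme is assumed). --->
    <cfset result.circuit = circuit>
    <cfset result.fuseaction = action>
    <cfset result.parsedFile = lCase(circuit & "." & action) & ".cfm">
    <cfreturn result>
</cffunction>

<!--- Constructed sample data: one declared fuseaction and a shortened scanner-style value. --->
<cfset known = structNew()>
<cfset known.user = structNew()>
<cfset known.user.loginPost = true>
<cfset probe = "user.loginPost1111 UNION SELECT CHAR(45,120)">

<cftry>
    <cfset target = resolveFuseaction(probe, known)>
    <cfoutput>#target.parsedFile#</cfoutput>
    <cfcatch type="example.invalidFuseaction">
        <!--- Rejected before any file name was built or written; raw input is not echoed. --->
        <cfoutput>#cfcatch.message#</cfoutput>
    </cfcatch>
</cftry>
```

Because the file name is assembled only from parts that matched a declared circuit and fuseaction, request-supplied characters never reach the file system or the generated CFML.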