VYPR
Unrated severity · NVD Advisory · Published Dec 31, 2004 · Updated Apr 16, 2026

CVE-2004-1893

Description

Dreamweaver MX uploads mmhttpdb.asp without authentication when testing database connections, exposing DSNs and enabling potential SQL injection.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Dreamweaver MX, when configured with "Using Driver On Testing Server" or "Using DSN on Testing Server" for database connectivity, uploads the mmhttpdb.asp script to the web server. This script is accessible without any authentication, exposing database connection details (DSNs) to remote attackers. The vulnerability affects Dreamweaver MX versions that include this remote database testing feature. [2]

Exploitation

An attacker can directly request mmhttpdb.asp on the target web server. No prior authentication or special network position is required beyond network access to the server. The script reveals DSN information, and a sophisticated attacker may craft SQL commands to be executed against the database server. [2]

Impact

Successful exploitation allows an attacker to obtain sensitive database connection strings (DSNs). In more advanced scenarios, the attacker may be able to send arbitrary SQL commands to the database server, potentially leading to data disclosure, modification, or full compromise of the database server. [2]

Mitigation

No software patch was released by Macromedia. The recommended mitigation is to avoid defining database connections using the driver on a testing server accessible to the public. If such a connection has been used, administrators should password-protect the database and use Dreamweaver's "Remove Connection Scripts" menu command to delete the exposed files. Further details are available in Macromedia TechNote 19214. [2]
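A defender's check to go with the cleanup, as an added example that is not part of the advisory or of any Macromedia tooling: it scans web server logs for requests to mmhttpdb.asp from clients other than the developer's workstation. It assumes the server writes IIS W3C extended logs with a `#Fields:` header; the sample log, the `/scripts/` path, the IP addresses and the `trusted_ips` parameter are constructed for illustration.

```python
from collections import defaultdict

SCRIPT_NAME = "mmhttpdb.asp"  # file name taken from the advisory text

# Constructed sample in IIS W3C extended format (documentation-range IPs,
# hypothetical /scripts/ path).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2004-04-02 10:01:07 192.0.2.10 GET /index.asp - 200
2004-04-02 10:01:09 198.51.100.7 POST /scripts/MMHTTPDB.asp - 200
2004-04-02 10:01:12 198.51.100.7 POST /scripts/mmhttpdb.asp - 200
2004-04-02 10:02:30 203.0.113.5 GET /old/mmhttpdb.asp.bak - 404
2004-04-02 10:03:00 203.0.113.5 GET /scripts/mmhttpdb.asp - 404
"""


def find_script_requests(lines, trusted_ips=()):
    """Map client IP -> [(date, time, method, uri_stem, status)] for
    requests to SCRIPT_NAME from clients not listed in trusted_ips."""
    fields, hits = [], defaultdict(list)
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed or truncated row
        row = dict(zip(fields, values))
        stem = row.get("cs-uri-stem", "")
        # IIS paths are case-insensitive; match the last path segment exactly.
        if stem.rsplit("/", 1)[-1].lower() != SCRIPT_NAME:
            continue
        ip = row.get("c-ip", "-")
        if ip not in trusted_ips:
            hits[ip].append((row.get("date"), row.get("time"),
                             row.get("cs-method"), stem, row.get("sc-status", "-")))
    return dict(hits)


def served(hits):
    """Clients that received a 2xx answer: the script was present and responded."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(r[4].startswith("2") for r in reqs))


if __name__ == "__main__":
    print(served(find_script_requests(SAMPLE_LOG.splitlines())))
```

A 2xx response to an untrusted client means the script was still deployed when it was requested; 404s after cleanup show the removal took effect.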

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

References

6
