strange behavior with check browser link on default CF error page

Report · Dec 27, 2021

so one of developers point this out -

and it seems not to be updated related.

When you get the default error page on CF and under vistor information there is a link "Check Browser"

it goes to the following link "https://user-agents.me/test/user-agent-parser") DO NOT CLICK on the link t b basically goes to a dating site (for lack of a better word).

I thought this was a result of the recently installed Update 3 but I reverted to a previous snap and does not seem to be the case -

Report · Jan 03, 2022

Report it as a ColdFusion bug.

Report · Jan 03, 2022

Guys, that is NOT any sort of default error page that Cf offers. Pete, you must have some cf error handler setup that is showing that info (all that we see in the screenshot, like the headers).

It may be set at the server level (in the cf admin Settings page, and its site wide error handler) or at the app level (as an onerror method in application.cfc or a cferror in perhaps an application.cfm, or included file), and those would point at a file on your server that you could edit to correct this. Or search your code base for that text (that url or those headers) to find it.

But it's not a bug to file with Adobe.

/Charlie (troubleshooter, carehart.org)

Report · Jan 03, 2022

To me, what this looks like is a spammer embedded a link in the User Agent string which, when rendered as the attachment shows, it becomes a clickable link.

To my knowledge, the default CF error page does not include the User Agent string, so like Charlie says, this appears to be a custom error page.

Report · Jan 03, 2022

Eddie, while it's certainly possible that someone could embed a url in a useragent (indeed, many UAs do that to add a link with more info on who they are), the screenshot shows that this is actually an html link that shows the words "check browser". I really doubt THAT html link was embedded in a user agent. 🙂 Could it be? I suppose. It would be a stretch to imagine someone doing that, expecting/hoping that a page would then render that (on an error) to someone, who would click the link.

Instead, I REALLY think this is just something that was innocently put in place by some dev or admin on Pete's server, in years past, as part of making error handling look "more helpful" (to whoever was being shown that error info...which I will assume was not shown to end users, though it could happen).

Again, hearing the result of Pete's search for it will be the proof.

Also, FWIW, a check of web.archive.org shows that that user-agents.me site was ineed a legit one until 2019. That all the more fits this being something that "made sense" in the past but simply no longer does. And Pete, you could just remove it. I'm sure few folks (seeing your error handler text there) likely ever really clicked that link to learn more about the UA that caused the error. If they did, there are surely still other ways to get more on a UA if you/someone wanted to add that sort of thing back to that error handler. 🙂

/Charlie (troubleshooter, carehart.org)

Report · Jan 03, 2022

hey guys,

thanks for the input -

in the application in question is extremely old - probably over 10 years worth of coding - and the cf error handler defiantly looks to be a custom page - we found the the link in one of the class files and it was removed -

and like Eddie said we checked waybackmachine that day after about two hours looking for the string and we came to the same conclusion,

we are in process of updating the sites CF version and authentication methods and such.