Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:135531
HistoryJul 30, 2001 - 12:00 a.m.

Allaire ColdFusion Server contains vulnerability allowing unauthorized user read/delete access to files

2001-07-3000:00:00
www.kb.cert.org
9

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.013 Low

EPSS

Percentile

86.0%

JSON

Overview

A vulnerability exists in Allaire ColdFusion Server which allows an attacker to have unauthorized read and delete access to files on the target host.

Description

A remotely exploitable vulnerability exists in the Allaire ColdFusion Server which could allow an attacker to have unauthorized read and delete access to files on the target host. For more information on this vulnerability and versions affected, please see the Macromedia Product Security Bulletin (MPSB01-07).

Impact

An attacker can cause the ColdFusion server to retrieve or delete arbitrary files accessible to the ColdFusion server process. This vulnerability may allow an attacker to disclose confidential information and/or destroy data on the target host. Note that this attack does not depend on how the targeted site’s ColdFusion application is coded in the ColdFusion Markup Language (CFML).

Solution

Apply the following patches available from Allaire:

Windows Editions
Solairs Editions
Linux Editions
HP-UX Editions

Vendor Information

135531

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Macromedia Inc. __ Affected

Notified: July 11, 2001 Updated: July 30, 2001

Status

Affected

Vendor Statement

Please see <http://www.allaire.com/handlers/index.cfm?id=21566&gt;

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23135531 Feedback>).

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was reported to the CERT/CC by Macromedia on July 11, 2001.

This document was written by Ian A. Finlay.

Other Information

CVE IDs: CVE-2001-1120
Severity Metric: 18.98 Date Public:

Related

cve 1
cvelist 1
nvd 1
cve
cve
CVE-2001-1120
2002-03-15 05:00:00
cvelist
cvelist
CVE-2001-1120
2002-03-15 05:00:00
nvd
nvd
CVE-2001-1120
2001-07-11 04:00:00

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.013 Low

EPSS

Percentile

86.0%

JSON
Related for VU:135531
cve1cvelist1nvd1