Lucene search

[email protected]CVE-1999-0455

HistoryFeb 04, 2000 - 5:00 a.m.

CVE-1999-0455

2000-02-0405:00:00

[email protected]

web.nvd.nist.gov

cve-1999-0455

coldfusion

remote attack

server access

file deletion

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.2%

JSON

The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly.

Affected configurations

NVD

Node

allairecoldfusion_serverMatch4.0

CPENameOperatorVersion
allaire:coldfusion_serverallaire coldfusion servereq4.0

CPE	Name	Operator	Version
allaire:coldfusion_server	allaire coldfusion server	eq	4.0

References

www.securityfocus.com/bid/115

Social References

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.2%

JSON

Related for CVE-1999-0455

cvelist1 nvd1 nessus1