Lucene search

[email protected]CVE-1999-0923

HistoryMar 12, 2001 - 5:00 a.m.

CVE-1999-0923

2001-03-1205:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

coldfusion server 4.0

cve-1999-0923

denial of service

proxy for http calls

nvd

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.4%

JSON

Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls.

CPENameOperatorVersion
allaire:coldfusion_serverallaire coldfusion servereq4.0

CPE	Name	Operator	Version
allaire:coldfusion_server	allaire coldfusion server	eq	4.0

References

www.allaire.com/handlers/index.cfm?ID=8739&Method=Full

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.4%

JSON