Lucene search

K
cve[email protected]CVE-2001-0535
HistoryOct 30, 2001 - 5:00 a.m.

CVE-2001-0535

2001-10-3005:00:00
NVD-CWE-Other
web.nvd.nist.gov
20
coldfusion server
remote attack
access restriction failure
cve-2001-0535

7.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.1%

Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host’s domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the β€œHTTP Host” (CGI.Host) variable in (1) the β€œWeb Publish” example script, and (2) the β€œEmail” example script.

7.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.1%

Related for CVE-2001-0535