Metric | Value |
---|---|
AI Score | 7.1 High |
Confidence | Low |
CVSS2 | 7.5 High |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
EPSS | 0.005 Low |
Percentile | 76.1% |

Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict access from outside the local host's domain, which allows remote attackers to upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.

CPE | Name | Operator | Version |
---|---|---|---|
macromedia:coldfusion_server | macromedia coldfusion server | eq | 4.x |