CVE-2001-0535

2001-10-30T05:00:00
ID CVE-2001-0535
Type cve
Reporter cve@mitre.org
Modified 2008-09-05T20:24:00

Description

Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.