Lucene search

[email protected]CVE-2004-2505

HistoryOct 25, 2005 - 4:00 a.m.

CVE-2004-2505

2005-10-2504:00:00

[email protected]

web.nvd.nist.gov

macromedia

coldfusion mx

security

denial of service

cve-2004-2505

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.1 High

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.7%

JSON

Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data.

Affected configurations

NVD

Node

macromediacoldfusionMatch5.0

macromediacoldfusionMatch6.0

CPENameOperatorVersion
macromedia:coldfusionmacromedia coldfusioneq5.0
macromedia:coldfusionmacromedia coldfusioneq6.0

CPE	Name	Operator	Version
macromedia:coldfusion	macromedia coldfusion	eq	5.0
macromedia:coldfusion	macromedia coldfusion	eq	6.0

References

archives.neohapsis.com/archives/bugtraq/2004-04/0184.html

www.securityfocus.com/bid/10163

exchange.xforce.ibmcloud.com/vulnerabilities/15895

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.1 High

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.7%

JSON

Related for CVE-2004-2505

cvelist1 nvd1