Lucene search

[email protected]CVE-2006-3979

HistoryAug 09, 2006 - 10:04 a.m.

CVE-2006-3979

2006-08-0910:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

coldfusion

mx 7

adminapi

authentication bypass

nvd

7.6 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

55.6%

JSON

The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using “programmatic access” to the adminAPI instead of the ColdFusion Administrator.

CPENameOperatorVersion
macromedia:coldfusionmacromedia coldfusioneq7.02
macromedia:coldfusionmacromedia coldfusioneq7.0

CPE	Name	Operator	Version
macromedia:coldfusion	macromedia coldfusion	eq	7.02
macromedia:coldfusion	macromedia coldfusion	eq	7.0

References

secunia.com/advisories/21421

securitytracker.com/id?1016660

www.adobe.com/support/security/bulletins/apsb06-10.html

www.securityfocus.com/bid/19426

www.vupen.com/english/advisories/2006/3224

exchange.xforce.ibmcloud.com/vulnerabilities/28294

7.6 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

55.6%

JSON