Lucene search

[email protected]CVE-2008-1656

HistoryApr 09, 2008 - 7:05 p.m.

CVE-2008-1656

2008-04-0919:05:00

CWE-264

[email protected]

web.nvd.nist.gov

adobe

coldfusion

8.0.1

cfc

methods

remote invocation

vulnerability

flex 2 remoting

cve-2008-1656

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.029 Low

EPSS

Percentile

90.8%

JSON

Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725.

Affected configurations

NVD

Node

adobecoldfusionMatch8.0

adobecoldfusionMatch8.1

CPENameOperatorVersion
adobe:coldfusionadobe coldfusioneq8.0
adobe:coldfusionadobe coldfusioneq8.1

CPE	Name	Operator	Version
adobe:coldfusion	adobe coldfusion	eq	8.0
adobe:coldfusion	adobe coldfusion	eq	8.1

References

secunia.com/advisories/29748

securitytracker.com/id?1019806

www.adobe.com/support/security/bulletins/apsb08-12.html

www.osvdb.org/44280

www.securityfocus.com/bid/28698

www.vupen.com/english/advisories/2008/1157

exchange.xforce.ibmcloud.com/vulnerabilities/41720

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.029 Low

EPSS

Percentile

90.8%

JSON

Related for CVE-2008-1656

nvd2 cvelist2 prion1 seebug1 cve1