Coldfusion Server Security Vulnerabilities and Issues — Coldfusion Server CVE List

Lucene search

AllaireColdfusion Server

7 matches found

CVE•added 2000/10/13 4:0 a.m.•61 views

CVE-2000-0538

ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password.

5CVSS6.7AI score0.09008EPSS

CVE•added 2003/04/02 5:0 a.m.•57 views

CVE-2002-0576

ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.

5CVSS6.7AI score0.01092EPSS

CVE•added 2001/09/18 4:0 a.m.•47 views

CVE-1999-0756

ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility.

5CVSS7AI score0.00655EPSS

CVE•added 2001/05/07 4:0 a.m.•42 views

CVE-1999-0922

An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file.

5CVSS7.2AI score0.00814EPSS

CVE•added 2000/04/10 4:0 a.m.•41 views

CVE-2000-0189

ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files.

5CVSS7.1AI score0.00647EPSS

CVE•added 2000/07/12 4:0 a.m.•38 views

CVE-2000-0410

ColdFusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file that is not stored in memory.

5CVSS6.8AI score0.00786EPSS

CVE•added 2001/05/07 4:0 a.m.•34 views

CVE-1999-0924

The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service.

5CVSS7AI score0.00739EPSS