Coldfusion@6.0 Security Vulnerabilities and Issues — Coldfusion@6.0 CVE List

Lucene search

MacromediaColdfusion6.0

11 matches found

CVE•added 2007/10/24 11:0 p.m.•74 views

CVE-2003-1469

The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message.

5CVSS6.5AI score0.01498EPSS

CVE•added 2005/04/21 4:0 a.m.•63 views

CVE-2004-0928

The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".

5CVSS6.9AI score0.28178EPSS

CVE•added 2005/06/21 4:0 a.m.•57 views

CVE-2002-1700

Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message.

4.3CVSS6.4AI score0.16341EPSS

CVE•added 2004/12/23 5:0 a.m.•49 views

CVE-2004-0646

Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.

10CVSS7.8AI score0.70947EPSS

CVE•added 2002/11/29 5:0 a.m.•46 views

CVE-2002-1309

Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm file name.

7.5CVSS8.2AI score0.04016EPSS

CVE•added 2005/02/13 5:0 a.m.•43 views

CVE-2004-1478

JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session.

7.5CVSS6.7AI score0.07163EPSS

CVE•added 2005/05/10 4:0 a.m.•39 views

CVE-2004-1815

Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).

5CVSS6.7AI score0.08586EPSS

CVE•added 2005/10/25 4:0 a.m.•37 views

CVE-2004-2505

Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data.

5CVSS7.1AI score0.21884EPSS

CVE•added 2005/12/19 3:47 a.m.•37 views

CVE-2005-4342

ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability."

7.5CVSS7.2AI score0.00986EPSS

CVE•added 2005/12/19 3:47 a.m.•37 views

CVE-2005-4343

Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL injection Vulnerability".

5CVSS7.3AI score0.01472EPSS

CVE•added 2005/07/10 4:0 a.m.•31 views

CVE-2004-2204

Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.

7.2CVSS6.8AI score0.00012EPSS